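PHP password_verify always returns false, no matter what?

Time: 2017-09-10 10:50:58

Tags: php login registration

I am creating a login and registration system in PHP. I am using PHP's password_hash and password_verify functions in the same class.

Every time I try to check the password, it returns false.

My SQL password row is set to TEXT.

This is the user class I use for creating users and logging them in.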

<?php 
/**
* 
*/
class User
{
    private $pdo;
    function __construct()
    {
        # code...
    }

    public function newUser($username, $email, $password)
    {
        global $pdo;
        //check if username is taken
        $checkUsername = $this->checkUsername($username);
        if (!$checkUsername) {
            $checkEmail = $this->checkEmail($email);
            if (!$checkEmail) {
                $hashPass = password_hash($password, PASSWORD_DEFAULT);
                if ($hashPass) {
                    $upload = $pdo->prepare("INSERT INTO users (username, password, email) VALUES (:username, :password, :email)");
                    // execute() returns true on success and false on failure;
                    // the statement object itself is always truthy.
                    $ok = $upload->execute(array(":username"=>$username, ":password"=>$hashPass, ":email"=>$email));

                    if ($ok) {
                        return true;
                    }else{
                        return false;
                    }
                }
            }else{
                return false;
            }
        }else{
            return false;
        }

        return false;
        //check if email in use
        //hash password
        //upload user
    }

    public function checkUsername($username)
    {
        global $pdo;
        $sql = $pdo->prepare("SELECT username FROM users WHERE username = :username LIMIT 1");
        $sql->execute(array(":username"=>$username));

        $rows = $sql->fetchColumn();
        if ($rows) {
            return true;
        }else{
            return false;
        }

        return false;
    }

    public function checkEmail($email)
    {
        global $pdo;
        $sql = $pdo->prepare("SELECT email FROM users WHERE email = :email LIMIT 1");
        $sql->execute(array(":email"=>$email));

        $rows = $sql->fetchColumn();
        if ($rows) {
            return true;
        }else{
            return false;
        }

        return false;
    }

    public function loggedin()
    {
        if (isset($_SESSION['username'])) {
            if ($_SESSION['username'] !== "Anonymous") {
                if ($_SESSION['loggedin']) {
                    return true;
                }else{
                    return false;
                }
            }else{
                return false;
            }
        }else{
            return false;
        }

        return false;
    }

    public function login($username, $password)
    {
        global $pdo;
        if (!empty($username) && !empty($password)) {
            //check if username exists
            $checkUsername = $this->checkUsername($username);
            if ($checkUsername) {
                //get db pass
                $DBPass = $pdo->prepare("SELECT password FROM users WHERE username = :username LIMIT 1");
                $DBPass->execute(array(":username"=>$username));
                $pass = $DBPass->fetchColumn();
                //verify password
                if ($pass) {
                    $verify = password_verify($password, $pass);
                    if ($verify) {
                        return true;
                    }else{
                        return "5";
                    }
                }else{
                    return "4";
                }
            }else{
                return "3";
            }
        }else{
            return "2";
        }

        return "1";
    }
}

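The return values 1, 2, 3, 4, 5 are only there for debugging, to see where it goes wrong, and it always returns 5. Even if I register a user, log out, and then log in again.

P.S. If anyone has any security tips for the code, please comment!

Thanks!

0 answers:

No answers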
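
An added example, not part of the original question: a diagnostic helper that can be called on the value `login()` fetches just before `password_verify`, to show whether the stored hash or the submitted password was altered on the way. The function name and the sample values are constructed for illustration, and the truncated and padded cases go beyond the TEXT column described in the question.

```php
<?php
// Added diagnostic example; the function name and sample data are constructed.

/**
 * Inspect a fetched hash before trusting a password_verify() failure.
 * Returns a list of human-readable findings.
 */
function diagnoseStoredHash(string $password, string $stored): array
{
    $findings = [];
    $len = strlen($stored);

    // password_get_info() reports 'unknown' when the string is not a complete hash.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        $findings[] = "not a valid hash as stored (length $len)";
        if (strncmp($stored, '$2y$', 4) === 0 && $len < 60) {
            $findings[] = 'looks like a bcrypt hash cut short of 60 characters';
        }
    }
    // Whitespace added around the hash (padding, stray newline) breaks verification.
    if (trim($stored) !== $stored && password_verify($password, trim($stored))) {
        $findings[] = 'hash verifies once surrounding whitespace is removed';
    }
    // The submitted password may differ from the one hashed at registration.
    if (trim($password) !== $password) {
        $findings[] = 'submitted password has leading or trailing whitespace';
    }
    $findings[] = password_verify($password, $stored) ? 'verify: OK' : 'verify: FAILED';
    return $findings;
}

// Constructed samples: one intact hash and damaged copies of the hash or input.
// PASSWORD_BCRYPT is used so the 60-character length check applies.
$hash = password_hash('correct horse', PASSWORD_BCRYPT);
$cases = [
    'intact'    => ['correct horse', $hash],
    'truncated' => ['correct horse', substr($hash, 0, 50)],
    'padded'    => ['correct horse', $hash . "\n"],
    'input'     => ["correct horse\n", $hash],
];
foreach ($cases as $label => [$password, $stored]) {
    echo $label, ': ', implode('; ', diagnoseStoredHash($password, $stored)), PHP_EOL;
}
```

Run it only in a development environment; the findings describe the stored hash and should not be shown to end users.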