PHP password_verify (BCRYPT) does not work, what am I doing wrong?

Time: 2017-09-15 06:55:10

Tags: php hash passwords php-password-hash

I'm new to PHP, and to password_hash & password_verify.

My password_hash works like a charm. After a successful registration, I store the hash in the 'password' field of the database.

But the main problem seems to be password_verify.

My Register.php:

<?php
     require('db.php');
     // If form submitted, insert values into the database.
     if (isset($_REQUEST['username'])){
     $username = stripslashes($_REQUEST['username']); // removes backslashes
     $username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
     $email = stripslashes($_REQUEST['email']);
     $email = mysqli_real_escape_string($con,$email);
     $password = stripslashes($_REQUEST['password']);
     $password = mysqli_real_escape_string($con,$password);
     $hashedpw = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
     $ipaddress = $_SERVER['REMOTE_ADDR'];

     $reg_date = date("Y-m-d H:i:s");
     $query = "INSERT into `user` (username, password, email, reg_date, ip) VALUES ('$username', '$hashedpw', '$email', '$reg_date', '$ipaddress')";
     $result = mysqli_query($con,$query);
     if($result){
     header("Location: regsuccess.php");
     }
     }else{
     ?>

My Login.php:

      <?php
     require('db.php');
     function redirect($DoDie = true) {
        header('Location: success.php');
        if ($DoDie)
        die();
     }
     session_start();
     if(isset($_SESSION['username'])) {
        redirect();
    }
        // If form submitted, insert values into the database.
        if (isset($_POST['username'])){
            $username = stripslashes($_REQUEST['username']); // removes backslashes
            $username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
            $password = stripslashes($_REQUEST['password']);
            $password = mysqli_real_escape_string($con,$password);
            $hash_query = "SELECT password FROM `user` WHERE username='$username'";
            $hash_result = mysqli_query($con,$hash_query) or die(mysql_error());
            $ipaddress = $_SERVER['REMOTE_ADDR'];

            //Checking is user existing in the database or not
            $query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
            $result = mysqli_query($con,$query) or die(mysql_error());
            $rows = mysqli_num_rows($result);
            if($rows==1){
                if (password_verify($password, $hash_result)) {
                    $_SESSION['username'] = $username;
                    $trn_date = date("Y-m-d H:i:s");
                    $query = "UPDATE `user` SET `ip` = '$ipaddress', `last_login` = '$trn_date' WHERE `username` = '$username'";
                    $result = mysqli_query($con,$query) or die(mysql_error());
                    $rows = mysqli_num_rows($result);
                    header("Location: success.php"); // Redirect user to index.php
                }
                else {
                    header("Location: error.php");
                }
            }
            else {
                header("Location: error.php");
            }
        }
        else {

     ?>

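So, the problem is that password_verify really doesn't work here. I enter my password, and it redirects me to error.php, which says that my username or password is incorrect.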

What am I doing wrong? :/ Thanks for your advice!

0 answers:

No answers
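
The login flow from the question, written as an added example that is not part of the original post: it looks the user up by username only, reads the stored hash as a string, and passes that string to password_verify, whereas the posted Login.php also compares the plaintext password against the hash column in its WHERE clause and hands password_verify the query result rather than the hash. It assumes PDO with an in-memory SQLite table in place of the MySQL `user` table; the function names `register` and `login` and the sample credentials are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Assumption: PDO with an in-memory
// SQLite database stands in for the MySQL `user` table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

function register(PDO $db, string $username, string $password): void
{
    // Hash the raw password. No stripslashes() or SQL escaping here: the bound
    // parameters protect the query, and the hash must cover exactly what the
    // user typed.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    $stmt = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    // Select by username only. The column holds a salted hash, so a WHERE
    // clause comparing it with the plaintext password never matches a row.
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$username]);

    // fetchColumn() yields the hash string itself, or false when no row exists.
    // password_verify() needs that string, not a statement or result object.
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed sample credentials; the quote and backslash show that the
// password round-trips without any escaping.
register($db, 'alice', "pa'ss\\word");
var_dump(login($db, 'alice', "pa'ss\\word"));
var_dump(login($db, 'alice', 'wrong'));
var_dump(login($db, 'nobody', 'anything'));
```

With mysqli the same shape applies: a prepared statement selecting by username, then `password_verify` on the fetched `password` column value.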