php解密密码不起作用

时间:2018-06-13 04:11:20

标签: php hash passwords verification php-password-hash

使用以下代码加密数据库中的密码:

$pas = $_POST['password'];    
$pass = password_hash($pas, PASSWORD_BCRYPT);
在solucioncontroller.php中的

我尝试验证加密的密码,但它不起作用

class solucionController {
include_once 'model/solucion.php';

public function Login()
{
    $solucion = new solucion();
    if (isset($_POST["login"]) && isset($_POST["password"]))
    {
        $login = htmlentities(addslashes($_POST["login"]));
        $password = htmlentities(addslashes($_POST["password"]));
        $solucion = $this->model->Logeo($login, $password);
        $pass= $this->model->getpass();
        if (password_verify($password, $pass)&&$solucion == 1)
        {
            setcookie('usuario', $login, time() + 3600);
            session_start();
            $_SESSION["Usuario"] = $login;
            header("Location: view/header.php");
            header("Location: view/solucion/solucion.php");
            header("Location: view/Footer.php");
        }
    }
    header('Location: index.php');
    return;
}
}

在模型solucion.php中我搜索在登录视图中输入的用户和密码

class solucion {
public $res;

public function Logeo($login, $pass)
{
    try {
        $sql = "SELECT * FROM logeo WHERE usuario = :login AND pass = :password";
        $resultado = $this->pdo->prepare($sql);
        $resultado->bindValue(":login", $login);
        $resultado->bindValue(":password", $pass);
        $resultado->execute();
        $numero_registro = $resultado->rowCount();
        if ($numero_registro != 0)
        {  
            return 1;
        }
       $this->res = $resultado->fetch(PDO::FETCH_ASSOC);
    } catch (Exception $e) {
        die($e->getMessage());
    }
}
}

public function getpass(){
    return $this->res['pass'];
}
登录视图中的

是输入用户名和密码的表单

<?php 
if(isset($_COOKIE['usuario'])){
require 'view/solucion/solucion.php';
}
else{


?>
<a class="btn btn-success pull-right" href="?c=solucion&a=Invitado">Invitado</a>
<h1>Introduce tus datos</h1>
    <form action="?c=solucion&a=Login" method="post">
        <div class="container">
        <label for="login"><b>Username</b></label>
<input type="text" placeholder="Ingrese usuario" name="login" required>
<label for="password"><b>Password</b></label>
<input type="password" placeholder="Ingrese Contraseña" name="password" required>
<button type="submit">Login</button>             
            </div>
        </form>
<?php }?>

输入用户名和密码时,数据将被删除,我将保留在登录视图中

1 个答案:

答案 0 :(得分:1)

您应该使用usuario来获取数据,而不是使用数据库中的usuariopass。因为保存在数据库中的密码是哈希的,不能与用户输入的简单文本密码进行比较。更改型号代码如下:

class solucion {

    public $res;

    public function Logeo($login, $pass) {
        try {
            $sql = "SELECT * FROM logeo WHERE usuario = :login";
            $resultado = $this->pdo->prepare($sql);
            $resultado->bindValue(":login", $login);
            $resultado->execute();
            $numero_registro = $resultado->rowCount();
            if ($numero_registro != 0) {
                return 1;
            }
            $this->res = $resultado->fetch(PDO::FETCH_ASSOC);
        } catch (Exception $e) {
            die($e->getMessage());
        }
    }
}

public function getpass() {
    return $this->res['pass'];
}

还需要从请求中获取密码:

$password = $_POST["password"];

而不是

$password = htmlentities(addslashes($_POST["password"]));