PHP - password_verify() returns false for the correct password

Time: 2019-02-26 04:07:48

Tags: php hash passwords password-protection

password_verify returns false for the correct password. To hash the password in another script, I used password_hash($Password, PASSWORD_DEFAULT); and then stored it in the database.

header("Access-Control-Allow-Origin: *");
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

$validated = true;
$usrEmail = "";
$usrPassword = "";

//Validate 'email':
if(!isset($_GET['email'])){
    $usrEmail = "";
}else{
    $usrEmail = $_GET['email'];
}

//Validate 'password':
if(!isset($_GET['password'])){
    $usrPassword = "";
}else{
    $usrPassword = $_GET['password'];
}

if($validated){
    //Send data to database:
    $response = sendRequest($GLOBALS['usrEmail'], $GLOBALS['usrPassword']);
    echo json_encode($response);
}else{
    //Send an error:
    $response = array('LOGGEDIN' => 'NO', 'STATUS' => 'VALIDATIONFAIL');
    echo json_encode($response);
}

//Make the request:
function sendRequest($email, $usrPassword){

    include('config.php');
    $sql = 'SELECT password
            FROM `users`
            WHERE email=?';

    $pdo = new PDO($connect_pdo, $User, $Password);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    try {

        $sth = $pdo->prepare($sql);
        $array = array($email);
        $sth->execute($array);

        $result = $sth->fetchAll();
        $numrows = $sth->rowCount();

        $hashedPassword = '';
        if($numrows > 0){
            for ($ri = 0; $ri < $numrows; $ri++) {
                $row = $result[$ri];
                $hashedPassword = $row['password'];
            }

            $hashedPassword = substr( $hashedPassword, 0, 60 );
            if(password_verify($usrPassword, $hashedPassword)){
                return login($email, $hashedPassword);
            }else{
                return array("LOGGEDIN" => 'NO', "STATUS" => 'Password Mismatch');
            }
        }else{
            return array("LOGGEDIN" => 'NO', "STATUS" => 'Unknown Error');
        }

    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}

I have looked at many different posts on Stack Overflow and other sites, and none of them had a solution related to my problem.

0 answers:

No answers
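
One way to inspect the stored value when password_verify() rejects a password known to be correct, as an added example that is not part of the original post. The function name diagnoseStoredHash() and all sample values are constructed for illustration; the checks cover a truncated or padded hash and a hash that was computed from a different string.

```php
<?php
// Added example: diagnoseStoredHash() and all sample values are constructed.

function diagnoseStoredHash(string $stored, string $candidate): array
{
    $info = password_get_info($stored);
    $findings = [];

    // CHAR columns pad with spaces; copy/paste can add a newline.
    if ($stored !== trim($stored)) {
        $findings[] = 'leading or trailing whitespace in stored value';
    }
    // "unknown" means the string is not a complete hash in a format PHP
    // recognises, e.g. a bcrypt hash cut short by a narrow column.
    if ($info['algoName'] === 'unknown') {
        $findings[] = 'not a complete password_hash() value';
    }
    $verifies = password_verify($candidate, $stored);
    if (!$verifies && $findings === []) {
        // Well-formed hash, no match: the string hashed at registration was
        // not this password (check which variable reached password_hash()).
        $findings[] = 'well-formed hash of a different string';
    }
    return [
        'length'   => strlen($stored),
        'algo'     => $info['algoName'],
        'verifies' => $verifies,
        'findings' => $findings,
    ];
}

// Constructed sample data.
$password = 'correct horse battery staple';
$hash     = password_hash($password, PASSWORD_DEFAULT);

$cases = [
    'intact'           => $hash,
    'column too short' => substr($hash, 0, 50),
    'padded'           => $hash . ' ',
    'wrong input'      => password_hash('some other value', PASSWORD_DEFAULT),
];

foreach ($cases as $label => $stored) {
    $r = diagnoseStoredHash($stored, $password);
    printf("%-17s len=%-3d algo=%-8s verifies=%-3s %s\n",
        $label, $r['length'], $r['algo'], $r['verifies'] ? 'yes' : 'no',
        implode('; ', $r['findings']));
}
```

The PHP manual recommends a column of 255 characters for PASSWORD_DEFAULT hashes, because the default algorithm and its output length can change between PHP versions.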