password_verify,不明白为什么不起作用| PHP,MYSQL

时间:2019-04-25 11:24:06

标签: php mysql

  

ANSWER
我更改了
$ verifyPassword = password_verify('$ password',$ row ['userpassword']);
更改为
$ verifyPassword = password_verify($ password,   $ row ['userpassword']);

     

我的用户密码VARCHAR是VARCHAR(50),我将其更改为   VARCHAR(255)

我正在尝试使用MYSQL在PHP中创建登录系统,我已经完成了注册部分,并且对密码进行了哈希处理。 [注册正在运行]。

现在我正在处理登录部分,但是它不起作用,我已经尝试了一段时间,但无法弄清楚...

当我尝试登录并输入正确的用户名和密码时,会得到“错误的密码”。

我尝试回显$password$row['userpassword],并且正在获取所需的字符串。

我不明白为什么它不起作用。 :(

*已在表中隐藏密码

$2y$10$qb9z5oRo4reF84.N.coQ8.itQPcOSvpeLdeWgL6uKkG

数据库表:用户

+------+--------+---------------+------------+<br>
|userid|username|useremail      |userpassword|<br>
+------+--------+---------------+------------+<br>
|7     |admin   |email@gmail.com|hash*       |<br>
+------+--------+---------------+------------+<br>

HTML 

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="ie=edge">
  <title>Page title</title>
  <link rel="stylesheet" href="../css/desktop.css">
</head>
<body>
  <form action="config/login.config.php" method="POST">
    <div>
      <div>
        <input type="text" name="login_username" autocomplete="off" autofocus placeholder="username">
      </div>
      <div>
        <input type="password" name="login_password" autocomplete="off" placeholder="password">
      </div>
      <div>
        <button type="submit" name="login_submit">LOG IN</button>
      </div>
    </div>
  </form>
</body>
</html>

PHP 

<?php 
if (isset($_POST['login_submit'])) {
  require 'dbc.php';

  $username = $_POST['login_username'];
  $password = $_POST['login_password'];

  if (empty($username) || empty($password)) {
    header('Location: ../login.php?error=emptyfields');
    exit();
  } else {
    $sql = "SELECT username, userpassword FROM users WHERE username='$username'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
      while($row = $result->fetch_assoc()) {
        #echo $password;
        #echo "<br>";
        #echo $row['userpassword'];
        $verifyPassword = password_verify('$password', $row['userpassword']);
        if ($verifyPassword == false) {
          echo "password wrong";
         } else if($verifyPassword == true) {
          echo "logged in!";
         } else {
           echo "password error";
         }
      }
    } else {
      header('Location: ../login.php?noUserFound');
    }
  } 
}

1 个答案:

答案 0 :(得分:0)

正如已经提到的,您的代码对于SQL注入而言并不安全,因此,要使安全性较差,请使用addslashes函数,并且对所有代码进行了修复:

<?php 
if (isset($_POST['login_submit'])) {
  require 'dbc.php';

  $username = addslashes ($_POST['login_username']);
  $password = addslashes ($_POST['login_password']);

  if (empty($username) || empty($password)) {
    header('Location: ../login.php?error=emptyfields');
    exit();
  } else {
    $sql = "SELECT username, userpassword FROM users WHERE username='$username'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
      while($row = $result->fetch_assoc()) {
        #echo $password;
        #echo "<br>";
        #echo $row['userpassword'];
        $verifyPassword = password_verify($password, $row['userpassword']);
        if ($verifyPassword == false) {
          echo "password wrong";
         } else if($verifyPassword == true) {
          echo "logged in!";
         } else {
           echo "password error";
         }
      }
    } else {
      header('Location: ../login.php?noUserFound');
    }
  } 
}
相关问题
最新问题