我正在使用password_hash加密用于插入数据库表的密码。更详细地讲,用户进行注册,然后将加密的密码插入未决用户表,然后通过电子邮件将验证链接发送给用户。可以,但是我遇到的问题是,当我将值插入用户表(通过验证)并转到登录页面时,输入的加密密码与存储在用户表中的密码不同。这是我已有的代码:
Register.php
$insert = $this->insert->into('pending_users')
->columns(array(
'username', 'password',
'email', 'first_name',
'last_name', 'address',
'city', 'state',
'zipcode', 'country',
'registration_code'
))
->values(array(
'username' => $this->register_params['username'],
'password' => password_hash($this->register_params['password'], PASSWORD_BCRYPT),
'email' => $this->register_params['email'],
'first_name' => $this->register_params['first_name'],
'last_name' => $this->register_params['last_name'],
'address' => $this->register_params['address'],
'city' => $this->register_params['city'],
'state' => $this->register_params['state'],
'zipcode' => $this->register_params['zipcode'],
'country' => $this->register_params['country'],
'registration_code' => $this->verification_code
));
Verify.php
public function authenticateCode(string $code) : bool
{
$this->code = !empty($code) ? $code : null;
$select = $this->table_gateway->select(array('registration_code' => $this->code));
$row = $select->current();
if (!$row) {
throw new \Exception(sprintf("Invalid registration code %s", $this->code));
} else {
$data = array(
'username' => $row['username'],
'password' => $row['password'],
'email' => $row['email'],
'first_name' => $row['first_name'],
'last_name' => $row['last_name'],
'address' => $row['address'],
'city' => $row['city'],
'state' => $row['state'],
'zipcode' => $row['zipcode'],
'country' => $row['country'],
);
$sql = new Sql($this->table_gateway->getAdapter());
$adapter = $this->table_gateway->getAdapter();
$insert = new Insert('users');
$insert->columns(array(
'username', 'password', 'email', 'first_name', 'last_name', 'address', 'city', 'state', 'zipcode', 'country'
))->values(array(
'username' => $data['username'],
'password' => $data['password'],
'email' => $data['email'],
'first_name' => $data['first_name'],
'last_name' => $data['last_name'],
'address' => $data['address'],
'city' => $data['city'],
'state' => $data['state'],
'zipcode' => $data['zipcode'],
'country' => $data['country'],
));
$execute = $adapter->query(
$sql->buildSqlString($insert),
Adapter::QUERY_MODE_EXECUTE
);
if (count($execute) > 0) {
$delete = $this->table_gateway->delete(array('id' => $row['id']));
if ($delete > 0) {
return true;
} else {
return false;
}
} else {
return false;
}
}
}
Login.php
public function verifyCredentials(array $credentials) : bool
{
$adapter = $this->sql->getAdapter()->getDriver()->getConnection();
$query = $adapter->execute("SELECT password FROM users WHERE username = '" . $credentials['username'] . "'");
if ($query->count() > 0) {
foreach ($query as $row) {
$password = $row['password'];
}
if (password_verify($credentials['password'], $password)) {
return true;
} else {
throw new \Exception("Error validating your password, please try again.");
}
} else {
throw new \Exception("Invalid password, please try again.");
}
}
LoginController.php
public function authAction()
{
$form = new LoginForm();
$request = $this->getRequest();
if ($request->isPost()) {
$login = new Login();
$form->setInputFilter($login->getInputFilter());
$form->setData($request->getPost());
if ($form->isValid()) {
$login->exchangeArray($form->getData());
if (!$this->getLoginService()->handleLogin()->verifyCredentials(array('username' => $login->username, 'password' => $login->password))) {
$this->flashMessenger()->addErrorMessage('Invalid username and/or password');
return $this->redirect()->toRoute('home/login', array('action' => 'failure'));
}
if (!$this->getLoginService()->handleLogin()->checkSession(array('username' => $login->username))) {
$this->flashMessenger()->addErrorMessage('A session is already active with that username.');
return $this->redirect()->toRoute('home/login', array('action' => 'failure'));
}
$this->getAuthService()->getAdapter()
->setIdentity($login->username)
->setCredential($this->getLoginService()->handleLogin()->verifyCredentials(array('username' => $login->username, 'password' => $login->password)));
$result = $this->getAuthService()->authenticate();
foreach ($result->getMessages() as $message) {
$this->flashMessenger()->addMessage($message);
}
if ($result->isValid()) {
if ($login->remember_me == 1) {
try {
$this->getSessionStorage()->rememberUser(1);
$this->getAuthService()->setStorage($this->getSessionStorage());
$this->getAuthService()->getStorage()->write($login->username);
} catch (\Exception $e) {
return $this->redirect()->toRoute('home/login', array('action' => 'failure'));
}
} else if ($login->remember_me == 0) {
try {
$this->getSessionStorage()->rememberUser(0);
$this->getAuthService()->setStorage($this->getSessionStorage());
$this->getAuthService()->getStorage()->write($login->username);
} catch (\Exception $e) {
return $this->redirect()->toRoute('home/login', array('action' => 'failure'));
}
}
return $this->redirect()->toRoute('home');
} else {
foreach ($result->getMessages() as $message) {
$this->flashMessenger()->addErrorMessage($message);
}
return $this->redirect()->toRoute('home/login', array('action' => 'failure'));
}
}
}
}
我检查了两个密码,并且加密的值不匹配,所以我收到错误消息“ Supplied Credential Is Invalid”。我不确定为什么它们不匹配。
任何帮助将不胜感激。
谢谢!
我的问题与被标记为可能的答案的问题不同,因为我只使用一次password_hash,然后使用password_verify来验证哈希在一个文件中返回。