**我正在尝试弄清楚如何在注册和登录系统上使用password_hash。 目前,我正在像这样使用password_hash来注册我的用户。**我正在尝试通过phpmysql使用密码哈希。问题是password_verify到目前为止似乎不适用于我。谁能告诉我如何验证password_hash功能?
<?php
include_once "Session.php";
include_once "Database.php";
class User
{
private $db;
public function __construct()
{
$this->db = new Database();
}
public function userRegistration($data){
$name = $data['name'];
$username = $data['username'];
$email = $data['email'];
$password = $data['password'];
if (strlen($password) < 6){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Password must be
character length</div>";
return $msg;
}elseif (!preg_match('#[A-Z]+#', $password)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Password must contain 1
uppercase letter</div>";
return $msg;
}elseif (!preg_match('#[a-z]+#', $password)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Password must contain 1
lowercase letter</div>";
return $msg;
}elseif (!preg_match('#[0-9]+#', $password)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Password must contain 1
number</div>";
return $msg;
}else{
$pass_hash = password_hash( $password, PASSWORD_BCRYPT );
}
$check_email = $this->checkEmail($email);
if ($name == '' || $username == '' || $email == '' || $password == ''){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Filed must not be
empty</div>";
return $msg;
}
if (strlen($username) < 3){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Username is too
short</div>";
return $msg;
}
elseif (preg_match('/[^a-z0-9_-]/i', $username)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Username only contain
alphanumeric, dashes and underscores!</div>";
return $msg;
}
if (filter_var($email, FILTER_VALIDATE_EMAIL ==false)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Please enter a valid
email address</div>";
return $msg;
}
if ($check_email == true){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Email already
exits</div>";
return $msg;
}
$sql = "INSERT INTO users (name, user_name, email, password) VALUES (:name, :username,
:email, :pass_hash)";
$query = $this->db->pdo->prepare($sql);
$query->bindValue(':name',$name);
$query->bindValue(':username',$username);
$query->bindValue(':email',$email);
$query->bindValue(':pass_hash',$pass_hash);
$query->execute();
if ($query){
$msg = "<div class='alert alert-success'> <strong> Successful!</strong> You have been
registered</div>";
return $msg;
}else{
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Try again</div>";
return $msg;
}
}
public function checkEmail($email){
$sql = "SELECT email FROM users WHERE email = :email";
$query = $this->db->pdo->prepare($sql);
$query->bindValue(':email',$email);
$query->execute();
if ($query->rowCount() > 0){
return true;
} else{
return false;
}
}
public function userLogin($data){
$email = $data['email'];
$password = $data['password'];
// $pass_hash = password_hash($password, PASSWORD_BCRYPT);
$check_email = $this->checkEmail($email);
if ( $email == '' || $password == ''){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Filed must not be
empty</div>";
return $msg;
} elseif (filter_var($email, FILTER_VALIDATE_EMAIL ==false)){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Please enter a valid
email address</div>";
return $msg;
} else if ($check_email == false){
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Email not
found</div>";
return $msg;
}
$result = $this->getLoginUser($email, $password);
if ($result){
Session::init();
Session::set('login', true);
Session::set('id', $result->id);
Session::set('name', $result->name);
Session::set('username', $result->user_name);
Session::set('loginmsg',"<div class='alert alert-success'> <strong> Success!</strong>
You are logged in</div>" );
header("location:index.php");
}else{
$msg = "<div class='alert alert-danger'> <strong> Error!</strong> Try Again</div>";
return $msg;
}
}
public function getLoginUser($email, $password){
$sql = "SELECT * FROM users WHERE email = :email AND password = :password";
$query = $this->db->pdo->prepare($sql);
$query->bindValue(':email',$email);
$query->bindValue(':password',$password);
$query->execute();
$value = $query->fetch(PDO::FETCH_OBJ);
return $value;
}
}
**Can anyone help me to solve this problem?**