我通过password_hash哈希插入的密码.我使用password_verify验证它们.
但是,当我在我的数据库中插入哈希密码并尝试验证它时,两个输出总是彼此不同.
我的网页如下,
main_login.PHP(表格):
<?PHP include 'header.PHP';?> <body> <form role="form" method="post" action="login.PHP"> <div class="form-group"> <label for="usrname">Username:</label> <input type="text" class="form-control" name="usrname" placeholder="Enter username"> </div> <div class="form-group"> <label for="passwrd">Password:</label> </div> <input type="password" class="form-control" name="passwrd" placeholder="Enter password"> <br> <input type="checkBox">Remember Me <br> <br> <button type="submit" class="btn btn-default">Submit</button> </form> </body> </html>
login.PHP(handler):
<?PHP include 'vars.PHP'; include 'header.PHP'; $sql="SELECT * FROM members WHERE usrname='$usrname'"; $result=MysqLi_query($con,$sql); $count=MysqLi_num_rows($result); $row=MysqLi_fetch_row($result); $verify=password_verify($hash,$row[2]); if($verify){ $_SESSION["usrname"]=$usrname; echo "Correct"; } else { echo "user: " . $usrname. "<br>"; echo "pass: " . $hash. "<br>"; echo "db: " . $row[2]."<br>"; echo "Wrong Username or Password"; } ?>
vars.PHP:
<?PHP $h='localhost';$u='caelin';$p='****';$d='ombouwnh'; $con=MysqLi_connect($h,$u,$p,$d); $usrname=$_POST['usrname']; $passwrd=$_POST['passwrd']; $hash=password_hash($passwrd,PASSWORD_DEFAULT); ?>
当我尝试使用用户名’caca’和密码’caca’登录时,我得到两个不同的输出,每次我重试.
我无法在stackoverflow上找到这个特殊问题.
TIA
PS.如果您需要更多详细信息,请索取
函数password_verify();有两个参数;非散列输入,以及与之比较的存储散列.它会自动散列非散列输入,以将其与存储的版本进行比较.因此,您的初始代码重新散列了已经散列的密码.应该是这样的:
$verify=password_verify($_POST['passwrd'],$row[2]); if($verify){ $_SESSION["usrname"]=$usrname; echo "Correct"; } else { echo "user: " . $usrname. "<br>"; echo "pass: " . $hash. "<br>"; echo "db: " . $row[2]."<br>"; echo "Wrong Username or Password"; }