php – password_verify不验证哈希

前端之家收集整理的这篇文章主要介绍了php – password_verify不验证哈希前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我通过password_hash哈希插入的密码.我使用password_verify验证它们.

但是,当我在我的数据库中插入哈希密码并尝试验证它时,两个输出总是彼此不同.

我的网页如下,

main_login.PHP(表格):

<?PHP include 'header.PHP';?>
<body>
<form role="form" method="post" action="login.PHP">
  <div class="form-group">
    <label for="usrname">Username:</label>
    <input type="text" class="form-control" name="usrname" placeholder="Enter username">
  </div>
  <div class="form-group">
    <label for="passwrd">Password:</label>
  </div>
    <input type="password" class="form-control" name="passwrd" placeholder="Enter password">
    <br>
  <input type="checkBox">Remember Me
  <br>
  <br>
  <button type="submit" class="btn btn-default">Submit</button>
</form>
</body>
</html>

login.PHP(handler):

<?PHP
include 'vars.PHP';
include 'header.PHP';
$sql="SELECT * FROM members WHERE usrname='$usrname'";
$result=MysqLi_query($con,$sql);
$count=MysqLi_num_rows($result);
$row=MysqLi_fetch_row($result);
$verify=password_verify($hash,$row[2]);
if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}
?>

vars.PHP

<?PHP
$h='localhost';$u='caelin';$p='****';$d='ombouwnh';
$con=MysqLi_connect($h,$u,$p,$d);
$usrname=$_POST['usrname'];
$passwrd=$_POST['passwrd'];
$hash=password_hash($passwrd,PASSWORD_DEFAULT);
?>

当我尝试使用用户名’caca’和密码’caca’登录时,我得到两个不同的输出,每次我重试.
我无法在stackoverflow上找到这个特殊问题.

TIA

PS.如果您需要更多详细信息,请索取

函数password_verify();有两个参数;非散列输入,以及与之比较的存储散列.它会自动散列非散列输入,以将其与存储的版本进行比较.因此,您的初始代码重新散列了已经散列的密码.应该是这样的:
$verify=password_verify($_POST['passwrd'],$row[2]);

if($verify){
    $_SESSION["usrname"]=$usrname;
    echo "Correct";
}
else {
    echo "user: " . $usrname. "<br>";
    echo "pass: " . $hash. "<br>";
    echo "db: " . $row[2]."<br>";
    echo "Wrong Username or Password";
}

猜你在找的PHP相关文章