2016-08-01 214 views
2

我有2個項目1只是用來檢查用戶名和密碼,如果它們存在於數據庫中,它有password_verify()函數的工作,另一個你可以註冊然後登錄,但是在這個1函數password_verify總是返回false,即使我已經在兩個代碼中寫入了相同的代碼,但是更改了表名,我將發佈項目,所以如果有人可以幫助我。 我沒有檢查它是否正常連接到數據庫並返回正確的電子郵件結果,但是當涉及到比較哈希傳遞和輸入的郵件總是錯誤的。PHP password_verify返回false

的index.php是主要的頁,並且只包含兩個PHP行:

  1. 包括( 「signup.php」);
  2. include(「login.php」);

Connection.php

<?php 
$server="localhost"; 
$db_username="myusername"; 
$db_password="mypassword"; 
$db="test_db"; 

$conn=mysqli_connect($server,$db_username,$db_password,$db); 


if(!$conn) 
    die ("Connection Failed: ".mysqli_connect_error()); 


?> 

signup.php

<?php 
session_start(); 
if(isset($_POST['signup'])) 
{ 
    function validateFormData($formData) 
    { 
     $formData=trim(stripcslashes(htmlspecialchars($formData))); 
     return $formData; 
    } 

    $email=validateFormData($_POST['email']); 
    $password=validateFormData($_POST['password']); 

    if(!$_POST['email']) 
     $error.="Please enter an email<br>"; 

    else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) 
    { 
     $error.="Please enter a valid email<br>"; 
    } 

    if(!$_POST['password']) 
     $error.="Please enter a password<br>"; 

    else 
    { 
     if(strlen($_POST['password'])<8) 
      $error.="Password must contain at least 8 characters<br>"; 

     if(!preg_match('`[A-Z]`',$_POST['password'])) 
      $error.="Password must contain at least one capital letter<br>"; 
    } 

    if($error) 
    { 
     echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>&times;</a>".$error."</div>"; 
    } 
    else 
    { 
     include('connection.php'); 

     $query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'"; 

     $result=mysqli_query($conn,$query); 
     $results=mysqli_num_rows($result); 

     if($results) 
      echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>&times;</a></div>"; 

     else 
     { 
     $selectUser=mysqli_real_escape_string($conn,$email); 
     $hashedPass=password_hash($password,PASSWORD_DEFAULT); 
     $query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')"; 
     mysqli_query($conn,$query); 
     echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>&times;</a></div>"; 

     $_SESSION['id']=mysqli_insert_id($conn); 


     } 
} 

} 


?> 

的login.php

<?php 

if(isset($_POST['login'])) 
{ 


    function validateFormData($formData) 
    { 
     $formData=trim(stripcslashes(htmlspecialchars($formData))); 
     return $formData; 
    } 


    $formEmail=validateFormData($_POST['loginEmail']); 
    $formPass=validateFormData($_POST['loginPassword']); 
    $newPass=password_hash($formPass,PASSWORD_DEFAULT); 
    echo $newPass; 

    include("connection.php"); 

    $query="Select * from diary where email='$formEmail' "; 

    $result=mysqli_query($conn,$query); 

     if(mysqli_num_rows($result)>0) 
    { 
     while($row=mysqli_fetch_assoc($result)) 
     { 
      $LogEmail= $row['email']; 
      $LogPass= $row['password']; 
      echo "<br>".$LogPass; 

     } 
     if(password_verify($newPass,$LogPass)) 
     { 
      echo "<br>Correct Password";  
     } 
      else 
       echo "<br>Not Correct"; 
    } 


} 

?> 

$ newPass的輸出: 「$ 2Y $ 10 $ dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q」

$ LogPass的輸出是: 「$ 2Y $ 10 $ biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK」

指數

<?php 

include("signup.php"); 
include("login.php"); 

?> 
<!DOCTYPE html> 
<html lang="en"> 
<head> 
    <meta charset="UTF-8"> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
    <meta name="description" content=""> 
    <meta name="author" content=""> 
    <title>Secret Diary</title> 

    <link rel="stylesheet" href="css/Normalize.css"> 
    <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css"> 
    <link rel="stylesheet" href="css/style.css"> 

    <!--[if IE]> 
     <script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script> 
     <script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script> 
    <![endif]--> 

</head> 

<body> 
    <div class="container"> 
     <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"> 
      <legend><h1 class="text-center">Sign Up</h1></legend> 
     <div class="form-group"> 
      <label class="control-label col-sm-2" for="email" >Email:</label> 
      <div class="col-sm-10"> 
      <input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email" name="email" value="<?php echo addslashes($_POST['email']);?>"> 
      </div> 
     </div> 
     <div class="form-group"> 
      <label class="control-label col-sm-2" for="pwd">Password:</label> 
      <div class="col-sm-10"> 
      <input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password"> 
      </div> 
     </div> 
     <div class="form-group"> 
      <div class="col-sm-offset-2 col-sm-10"> 
      <button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button> 
      </div> 
     </div> 
     </form><!--SIGN UP--> 

     <form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>"> 
      <legend><h1 class="text-center">Log In</h1></legend> 
     <div class="form-group"> 
      <label class="control-label col-sm-2" for="LogInEmail" >Email:</label> 
      <div class="col-sm-10"> 
      <input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email" name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>"> 
      </div> 
     </div> 
     <div class="form-group"> 
      <label class="control-label col-sm-2" for="LogInPassword">Password:</label> 
      <div class="col-sm-10"> 
      <input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword"> 
      </div> 
     </div> 
     <div class="form-group"> 
      <div class="col-sm-offset-2 col-sm-10"> 
      <button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button> 
      </div> 
     </div> 
     </form><!--LOG IN--> 
</div> 
    <script src="js/JQuery.min.js"></script> 
    <script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script> 
    <script src="js/script.js" type="text/javascript"></script> 
</body> 
</html> 
+0

我試了一下沒有這個功能,但還是一樣 –

+0

我可以發送你這個項目,它只有註冊和登錄,也許你可以得到更好的知識,什麼問題可能 –

+0

哈希是密碼,我沒有檢查 –

回答

1

當您包含dbconnection時,您將覆蓋您的$password

include('connection.php'); 

有:

$password="mypassword"; 

此前設置:

$password=validateFormData($_POST['password']); 

所以你的哈希密碼是不是用戶的密碼,但您的數據庫密碼。

我會以db_爲所有DB憑證變量加上前綴。所以你的數據庫密碼變量將是$db_password。這將允許你在整個項目中擁有不同的變量(我想)。您可以使用$formPass而不是$newpass$newpass將在verify函數中被雙重散列。

$formEmail=validateFormData($_POST['loginEmail']); 
$formPass=validateFormData($_POST['loginPassword']); 
$newPass=password_hash($formPass,PASSWORD_DEFAULT); 

所以更改:

if(password_verify($newPass,$LogPass)) 

到:

if(password_verify($formPass, $LogPass)) 
+0

好吧,我將變量密碼更改爲db_password,並在login.php中對錶單數據進行了散列處理,並將它回顯給出了「$ 2y $ 10 $ boLdsZ6VRceuEf4x7x8II.in9yHN0nCDFLABEU5xJg。 8BjvVvB6uC「 –

+0

和$ LogPass回聲」$ 2y $ 10 $ biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK「所以它們是不同的 –

+0

對不起,散列$ formPass不形成數據 –

0

password_verify預計明文密碼作爲第一個參數。要解決你的代碼,刪除此行:

$newPass=password_hash($formPass,PASSWORD_DEFAULT); 

而改變這一行:

if(password_verify($newPass,$LogPass)) 

以下幾點:

if(password_verify($formPass,$LogPass)) 
+0

嘿@ chris85猜猜我到了,而問題是在變化。當我發佈這個內容時,沒有人寫過答案,大多數評論討論都隱藏了。我剛剛在'login.php'中看到了這個問題並寫下了它。甚至直到現在才意識到(在閱讀你的答案時)在我到達之前還有其他問題已經解決(例如db密碼覆蓋) – BeetleJuice