我已經經歷在PHP中password_hash()
和password_verify()
方法和我一直在努力,包括在我的代碼。我似乎無法完成它的工作,我已經通過一系列的Google搜索甚至是一些關於SO的問題,但他們似乎沒有解決這個問題。在數據庫PHP password_verify()似乎不工作
我列的長度爲255當我嘗試運行代碼,我得到的消息$loginerror
。這是我的代碼塊。請問我做錯了什麼。
$signin_email=$_POST['signin_email'];
$signin_password=$_POST['signin_password'];
if($valid){
require_once 'scripts/connect_to_mysql.php';
$sql = "SELECT First_name, Last_name,Password FROM customer WHERE Email=? AND Password=? LIMIT 1";
$stmt=$conn->prepare($sql);//preparing the statement
if(!$stmt){
echo "Unable to prepare: ".$conn->errno. " " .$conn->error;
}
//executing the statement
//$date=date('d m Y h:i:s');
if(!$stmt->bind_param('ss', $signin_email, $signin_password)){//bind parameters to sql statement. i=integer, s=string, b=blob, d=double
echo "Binding parameters failed: ".$stmt->errno. " " . $stmt->error;
}
if(!$stmt->execute()){//executing the statement
echo "Statement Execution failed: ". $stmt->error;
}
if(!$stmt->bind_result($dbfirstname,$dblastname,$dbpassword)){// used to bind variables to a prepared statement for result storage
echo "Unable to bind results to variables: ".$stmt->error;
}
$stmt->store_result();
//echo $stmt->num_rows;
echo $dbpassword;
if(password_verify($signin_password, $dbpassword)){
if($stmt->num_rows===1){//to check if username and password actually exists
while($row=$stmt->fetch()){
$user=$dbfirstname. " ". $dblastname;
echo $user;
}
/*$_SESSION['user']=$user;
header('location:logintest.php');
exit();*/
}
}
else{
//$error="Invalid Email address/Password. Please try again";
$loginerror= "Invalid Email address/Password. Please try again";
}
$stmt->close();//closing the prepared statement
$conn->close();//closing the connection
}
注意,第二個選項應該強烈反對,因爲'password_hash'被設計成透明的升級到未來更強的哈希算法。 'password_verify'查看創建記錄時使用的散列值,可能不是當前的默認值。 – IMSoP
@IMSoP這是很重要的評論,謝謝。 – MSadura
感謝您的回覆@MarkS。散列'$ signin_password'將使它不等於數據庫中的密碼,因爲它會創建一個與之前創建的散列不同的新散列。我從查詢中刪除了'AND Password =?',仍然得到了相同的結果。請幫忙。 – seun