0
我正在爲我的網站登錄。創建帳戶時,我使用password_hash()
函數,並將其作爲長度爲255的nvarchar存儲在MSSQL數據庫中。當我試圖檢查用戶登錄時給出的密碼時,它永遠不會返回true。我看過一些類似的問題,但找不到解決我問題的任何問題。PHP 5.6:password_verify函數沒有正確返回
密碼加密:
$user_password = $_POST['user_password_new'];
// crypt the user's password with PHP 5.5's password_hash() function, results in a 60 character
// hash string. the PASSWORD_DEFAULT constant is defined by the PHP 5.5
$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT);
...
// write new user's data into database
$sql = $this->db_connection->prepare("INSERT INTO users (user_name, user_password_hash, user_email)
VALUES(:username, :password, :email)");
//sanitizing data to make sure no SQL or HTML gets injected
$sql -> bindParam(':username', $user_name, PDO::PARAM_STR);
$sql -> bindParam(':password', $user_password_hash, PDO::PARAM_STR);
$sql -> bindParam(':email', $user_email, PDO::PARAM_STR);
$query_new_user_insert = $sql->execute();
密碼解密:
$query = "SELECT *
FROM users
WHERE user_email = :email OR user_name = :username;";
$sql = $this->db_connection->prepare($query);
$sql -> bindParam(':username', $user_email, PDO::PARAM_STR);
$sql -> bindParam(':email', $user_email, PDO::PARAM_STR);
$sql -> execute();
$result_of_login_check = $sql->fetch(PDO::FETCH_OBJ);
// if this user exists
if ($result_of_login_check->user_id != null) {
// get result row (as an object)
$result_row = $sql->fetch(PDO::FETCH_OBJ);
// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if (password_verify($_POST['user_password'], $result_row[2])) {
// write user data into PHP SESSION
$_SESSION['user_id'] = $result_row[0];
$_SESSION['user_name'] = $result_row[1];
$_SESSION['user_email'] = $result_row[3];
$_SESSION['user_login_status'] = 1;
$_SESSION['success'] = 0;
任何援助將不勝感激! 謝謝!
您正在使用' - > fecth()** ** 2 **次,因此第二行將嘗試獲取結果集中的下一行,該行可能不存在。刪除'$ result_row = $ sql-> fetch(PDO :: FETCH_OBJ);'並在你的'password_verify()'中使用'$ result_of_login_check'並在下面設置Session變量。 – Sean
另外,爲什麼你要在'$ sql-> fetch(PDO :: FETCH_OBJ)'中指定'PDO :: FETCH_OBJ',但是以數值數組的形式訪問它 - >'$ result_row [0]'/'$ result_row [1 ]'/等? – Sean
哦,我完全沒有意識到我有兩次。這很有道理。我只是使用數字數組索引來訪問它,因爲我試圖將它作爲一個對象使用,並像'$ result_row - > user_id'一樣從它中獲取信息,但它沒有奏效,我猜也是出於同樣的原因。這有很大幫助。謝謝! –