1. 首頁
  2. 問答
  3. 註冊時密碼錯誤,但在更改密碼時工作密碼bcrypt

註冊時密碼錯誤,但在更改密碼時工作密碼bcrypt

2016-04-22 71 views
0

我在系統上發現了有關用戶註冊和密碼的信息。當我建立新用戶時,我通過bcrypt散列密碼。一切都保存到數據庫中,但最近我發現我無法登錄新創建的用戶。我猜想密碼有問題。註冊時密碼錯誤,但在更改密碼時工作密碼bcrypt

奇怪的,但當我與這個用戶在忘記密碼和添加新密碼我能登錄..用戶註冊和忘記密碼使用相同的散列系統。這是註冊過程以及如何保存密碼:

這個 - >註冊後我無法登錄。

// included db connection, password hash file etc.. 

//hash the password 
$hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT); 

    if(!isset($error)){ 

     try { 

      $stmt = $pdo->prepare('INSERT INTO users (user_username, user_password, user_email) VALUES (:user_username, :hashedpassword, :user_email)'); 

      $stmt->execute(array(
       ':user_username' => $_POST['user_username'], 
       ':hashedpassword' => $hashedpassword, 
       ':user_email' => $_POST['user_email'] 
      )); 

     } catch(PDOException $e) { 
       var_dump ($e->getMessage()); 
       exit; 
     } 
    } 
    // html part 
    <div class="form-group"> 
     <label class="control-label col-sm-2" for="password">Password:</label> private function get_user_hash($username){ 

    try { 
     $stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'"); 
     $stmt->execute(array('username' => $username)); 

     $row = $stmt->fetch(); 
     return $row['user_password']; 

    } catch(PDOException $e) { 
     echo '<p class="bg-danger">'.$e->getMessage().'</p>'; 
    } 
} 

public function login($username,$password){ 

    $hashed = $this->get_user_hash($username); 

    if($this->password_verify($password,$hashed) == 1){ 

     $_SESSION['loggedin'] = true;   
     return true; 
    } 
} 
     <div class="col-sm-10"> 
     <input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter password"> 
     </div> 
</div>

重置密碼。 這個 - >我可以在密碼更改後登錄。

if(!isset($error)){ 

    //hash the password 
    $hashedpassword = $user->password_hash($_POST['user_password'], PASSWORD_BCRYPT); 

    try { 

     $stmt = $pdo->prepare("UPDATE users SET user_password = :hashedpassword, resetComplete = 'Yes', active='Yes' WHERE resetToken = :token"); 
     $stmt->execute(array(
      ':hashedpassword' => $hashedpassword, 
      ':token' => $row['resetToken'] 
     )); 

     //redirect to index page 
     header('Location: index.php?action=resetAccount'); 
     exit; 

    //else catch the exception and show the error. 
    } catch(PDOException $e) { 
     $error[] = $e->getMessage(); 
    } 

} 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 
     <input type="password" class="form-control" name="user_password" id="user_password" placeholder="Enter your new password"/> 
</div> 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 

     <input type="password" class="form-control" name="passwordConfirm" id="passwordConfirm" placeholder="Re-enter your new password" /> 
</div>

我沒有看到任何不同。他們都使用相同的數據庫連接,相同的數據庫表,相同的密碼散列文件。我不知道該怎麼辦。

更新:密碼的數據庫字段是VARCHAR(120)所以它有足夠的空間來散列。此外,我敢肯定,前1-2周,全是因爲我創造了一些帳戶..我不會改變任何東西,現在我無法登錄..

UPDATE2完美工作: user.php的..

include('password.php'); 
$pdo = Database::connect(); 
class User extends Password{ 

private $_db; 

function __construct($pdo){ 
    parent::__construct(); 

    $this->_db = $pdo; 
} 
private function get_user_hash($username){ 

    try { 
     $stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'"); 
     $stmt->execute(array('username' => $username)); 

     $row = $stmt->fetch(); 
     return $row['user_password']; 

    } catch(PDOException $e) { 
     echo '<p class="bg-danger">'.$e->getMessage().'</p>'; 
    } 
} 

public function login($username,$password){ 

    $hashed = $this->get_user_hash($username); 

    if($this->password_verify($password,$hashed) == 1){ 

     $_SESSION['loggedin'] = true;   
     return true; 
    } 
}

的index.php其中登錄表單

//html part 
<div class="input-group input-group-lg"> 
    <span class="input-group-addon"><i class="glyphicon glyphicon-lock red"></i></span> 

    <input type="password" class="form-control" name="password" id="password" placeholder="password" /> 
</div> 

// php part 
// include database, user.php 
if(isset($_POST['submit'])){ 

$username = $_POST['username']; 
$password = $_POST['password']; 

if($user->login($username,$password)){ 

      $id=$user->login_user_id($username);// get user id 
      $permissions=$user->login_user_permissions($username);// get user role 


     $_SESSION['user_id'] = $id;// assing user_id to session 
     $_SESSION['user_username'] = $username; 
     $_SESSION['user_role'] = $permissions; 
    header('Location: admin/index.php'); 
    exit; 

} else { 
    header('Location: index.php'); 
    echo ''; 

} 
}

來源

2016-04-22 S.I.

+0

添加代碼,您嘗試使用密碼登錄和用戶crdential –

+0

我忘了它..對不起。只需一秒鐘。 –

+0

是'$ user-> password_hash()'傳遞給'password_hash()'? – Scuzzy

回答

0

在報名表進行此:

$stmt = $pdo->prepare('INSERT INTO users (user_username, user_password, user_email) VALUES (:user_username, :hashedpassword, :user_email)');

這在您驗證這兩個密碼我注意到,你檢查選擇和檢查現場active .. AND active='Yes'登錄表單後...

$stmt = $this->_db->prepare("SELECT user_password FROM users WHERE user_username = :username AND active='Yes'");

在密碼更改部分,你更新此同一領域active='Yes' ...

​​

因此,如果您在數據庫中設置或不設置此列,請檢查註冊表格。或者你把一些默認值?

來源

2016-04-25 04:23:42

+0

你是對的。我在註冊用戶時沒有設置「active」。所以當他嘗試登錄時沒有通過檢查。愚蠢的錯誤..我不敢相信。 –

相關問題

 相關問題