password_verify不會返回true我會做什麼

Question

無論我在做什麼，我只會得到密碼或用戶名是不正確的字符串。什麼問題？我試圖運行php的網站示例，它工作，所以什麼我做錯了嗎？ 下面的代碼的傢伙：

<?php 

include __DIR__.'/includes/database.php'; 


class Login{ 

    public function validateCredentials($username, $password){ 
     global $mysqli; 
     $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';"; 
     $result = $mysqli->query($query); 
     $row = $result->fetch_array(MYSQLI_NUM); 
     if(password_verify($row['0'],$password)){return true;} 
     return false; 

    } 
} 

$object = new Login(); 

if(isset($_POST['username'])&&isset($_POST['password'])) 
{ 
    if($object->validateCredentials($_POST['username'],$_POST['password'])) 
    { 
     echo 'Logged in!'; 
    } 
    else 
    { 
     echo 'Password or username incorrect!'; 
    } 
} 
else 
{ 
    echo 'Username or password not entered!'; 
} 
?> 

Answer 1

讓我們爲password_verify檢查：

boolean password_verify (string $password , string $hash) 

看到的 - 第一個參數是密碼，第二個是哈希值。 在你的代碼是相反，你應該使用

if(password_verify($password, $row['0'])){return true;} 

Answer 2

嘗試......

<?php 

    include __DIR__.'/includes/database.php'; 


    class Login{ 

     public function validateCredentials($username, $password){ 
      global $mysqli; 
      $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';"; 
      $result = $mysqli->query($query); 
      $row = $result->fetch_array(MYSQLI_NUM); 
      return password_verify($password, $row['0']); 

     } 
    } 

    $object = new Login(); 

    if(isset($_POST['username'])&&isset($_POST['password'])) 
    { 
     if($object->validateCredentials($_POST['username'],$_POST['password'])) 
     { 
      echo 'Logged in!'; 
     } 
     else 
     { 
      echo 'Password or username incorrect!'; 
     } 
    } 
    else 
    { 
     echo 'Username or password not entered!'; 
    } 
    ?>