douhao2721 2017-01-24 14:33
浏览 43
已采纳

password_verify()未验证

I am trying to verify the hashed password in my database using the password_verify() function but it doesn't seem to be working. Any help please.

<?php
include("config.php");
include("vendor/password.php");

session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST") {

  $username = mysqli_real_escape_string($db , $_POST['umail']);
  $password = mysqli_real_escape_string($db , $_POST['upassword']);

  $userQuery = "SELECT username, password FROM users WHERE username = '$username' AND password='$password'";
  $result    = mysqli_query($db ,$userQuery);
  $queryRow  = mysqli_fetch_array($result , MYSQLI_ASSOC);
  $queryCount = mysqli_num_rows($result);


  $verifyPassowrd = password_verify($_POST['upassword'] , $queryRow[2]);

  if ($verifyPassowrd){
    header("Location:home.php"); 
  }else{
    echo  "Username Or Password is invalid";
  }
  mysqli_close($db);
}
 ?>
  • 写回答

1条回答 默认 最新

  • dourong4031 2017-01-24 14:44
    关注

    Your password is hashed in your database.
    In your query you include a non-hashed password, so the results of the query will be an empty set.

    No need to have the password in the WHERE clause of your query, because you want to check the returned hash in the password_verify function.

    Updated snippet (I also fixed the typo's):

    <?php
include("config.php");
include("vendor/password.php");

session_start();

if ($_SERVER["REQUEST_METHOD"] == "POST") {

  $username = mysqli_real_escape_string($db , $_POST['umail']);

  $userQuery = "SELECT username, password FROM users WHERE username = '$username'";
  $result    = mysqli_query($db, $userQuery);
  $queryRow  = mysqli_fetch_array($result, MYSQLI_ASSOC);
  $queryCount = mysqli_num_rows($result);


  $verifyPassword = password_verify($_POST['upassword'], $queryRow['password']);

  if ($verifyPassword){
    header("Location:home.php"); 
  }else{
    echo  "Username Or Password is invalid";
  }
  mysqli_close($db);
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 关于大棚监测的pcb板设计
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥15 帮我写一个c++工程