无法使用预准备语句从数据库中提取密码哈希

EDIT: To clarify, I am unable to extract the hashed password from my database using prepared statements.

I'm trying to create a login system that uses prepared statements, password_hash and password_verify.

I have created the registering form that creates the user, with the hashed password using password_hash($_POST['password'], PASSWORD_DEFAULT);

This works properly.

However, I am now stuck on creating the login form.

I am trying to get the password hash that gets stored when a user registers but I cannot get it to work with prepared statements.

This is what I currently have.

<?php
require('db.php');

if(isset($_POST['submit'])) {
  $stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');

  if($stmt) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt->bind_param('s', $username);

    $stmt->execute();

  }
}

?>

How do I use the data that I got from the select query? And how do I use it to verify the password?

I tried:

$stmt->store_result();
$stmt->bind_result($loginUsername, $hash);

That only stored the username, but not the password hash and I have no clue why.

Verifying the password would use this? password_verify($password, $hash);

UPDATE

<?php
require('db.php');

if(isset($_POST['submit'])) {
  $stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');

  if($stmt) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $stmt->bind_param('s', $username);

    $stmt->execute();

    // Get query results
    $result = $stmt->get_result();

    // Fetch the query results in a row
    while($row = $result->fetch_assoc()) {
      $hash = $row['user_password'];
      $username = $row['user_name'];
    }

    // Verify user's password $password being input and $hash being the stored hash
    if(password_verify($password, $hash)) {
      // Password is correct
    } else {
      // Password is incorrect
    }

  }
}

?>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

dsdvr06648 2018-04-26 18:19

关注

Read this PHP MANUAL.Try this:

 <?php
    require('db.php');

    if(isset($_POST['submit'])) {
      $stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');

      if($stmt) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        $stmt->bind_param('s', $username);

        $stmt->execute();

        // Get query results
        $stmt->bind_result($user_name,$hash);
        $stmt->store_result();

        // Fetch the query results in a row
        $stmt->fetch();

        // Verify user's password $password being input and $hash being the stored hash
        if(password_verify($password, $hash)) {
          // Password is correct
        } else {
          // Password is incorrect
        }

      }
    }

    ?>

This is how I created my login system:

$stmt = mysqli_prepare($link,"SELECT user_email,user_password,user_firstname,user_lastname,user_role,username FROM users WHERE user_email=?");
        mysqli_stmt_bind_param($stmt,"s",$email);
        mysqli_stmt_execute($stmt);
        confirmQuery($stmt);
        mysqli_stmt_bind_result($stmt,$user_email,$user_password,$user_firstname,$user_lastname,$user_role,$username);
        mysqli_stmt_store_result($stmt);
        mysqli_stmt_fetch($stmt);
        if(mysqli_stmt_num_rows($stmt) == 0)
            relocate("../index.php?auth_error=l1");
        else{
            if(password_verify($password,$user_password)){
                $_SESSION['userid'] = $user_email;
                $_SESSION['username'] = $username;
                $_SESSION['firstname'] = $user_firstname;
                $_SESSION['lastname'] = $user_lastname;
                $_SESSION['role'] = $user_role;
                if(isset($_POST['stay-logged-in']))
                    setcookie("userid", $email, time() + (86400 * 30), "/");
                relocate("../index.php?auth_success=1");
            }else
                relocate("../index.php?auth_error=l2");
        }
        mysqli_stmt_close($stmt);

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

无法使用预准备语句从数据库中提取密码哈希 mysql php
2018-04-26 17:44

回答 1 已采纳 Read this PHP MANUAL.Try this: <?php require('db.php'); if(isset($_POST['submit']))
如何检查数据库的哈希密码 mysql php sql
2017-09-30 18:39

回答 1 已采纳 You need to get the input password hashed again and before binding it with your prepare statement.
是否需要从数据库中获取哈希？ password_hash bcrypt [复制] mysql php
2017-06-20 20:44

回答 1 已采纳 Yes, it's necessary. You need the unique salt generated during hashing, encoded as part of the has
数据中台建设方案-基于大数据平台
2023-03-14 16:42

FRDATA1550333的博客通过对客户大数据应用平台服务需求的理解，根据建设目标、设计原则的多方面考虑，建议采用星环科技Transwarp Data Hub（TDH）大数据基础平台的架构方案，基于Transwarp Operating System（简称TOS）云平台方式部署...
Django 使用admin模块创建模型数据时保存的密码未经过哈希加密 django python 后端
2023-01-31 14:28

回答 2 已采纳因为你不是用的django的用户认证系统的话，你想要密码加密的话可以使用django提供的make_password方法重写模型类的save方法。示例如下： from django.contrib.
无法在MySQL中获取登录表单的哈希密码 mysql php
2019-04-06 07:42

回答 1 已采纳 This form is included in another site, in which a database was already selected. By removing it (;
我的密码被哈希并保存在数据库中，但它与用户在文本框中提供的密码无法匹配 php
2015-09-11 08:52

回答 1 已采纳 You are not converting input password to hashed password. Because, in table Hashed Password is sav
详解大中小数据常用数据库的SQL语句、函数以及常见优化
2022-10-16 11:59

看不见的罗辑的博客本篇文章主要介绍目前我在目前项目中使用过的一些数据库的用法，像关系型数据库Sql Server，大数据数据库Hive,Hbase。总体上，文章内容偏基础，适用于那些需要使用数据库做开发或者课程设计实践的同学。本文重点介绍...
无法在WordPress中的自定义用户注册中使用手动哈希密码登录WordPress管理员 php
2017-11-29 14:41

回答 1 已采纳 function process_registration() { global $wpdb; $password_converter=wp_hash_password('tar
在yii2登录中需要密码哈希，令牌，身份验证密钥 php
2017-07-22 12:23

回答 1 已采纳 There are methods to crack an md5-hash, so md5 is not meeting the requirements for good data secur
将数据库中的文本密码转换为哈希密码？ mysql php
2010-10-20 20:48

回答 3 已采纳 First, backup your database with mysqldump. For example bash#> mysqldump -u username -p nameof
使用DB2 pureXML管理蛋白质数据库
2020-06-17 18:46

cuyi7076的博客蛋白质数据库（ PDB.org ）是有关生物分子（主要是蛋白质）的结构数据的全球档案。蛋白质数据库（PDB）由多个成员组织管理，这些组织负责存放，维护，加工和免费提供此生物学数据给科学界。为了提供灵活性，可扩展...
将密码哈希脚本从GO转换为Node.js node.js
2017-02-06 08:16

回答 1 已采纳 var crypto = require('crypto'); function test(pwd, key) { var input = key.concat(pwd) var
大数据ETL开发之图解Kettle工具入门到精通（附上kettle安装包）
2021-09-25 07:14

袁袁袁袁满的博客 大数据ETL开发之图解Kettle工具入门到精通（附上kettle安装包）
使用 .NET 5 体验大数据和机器学习
2020-11-18 07:35

dotNET跨平台的博客 大数据与传统工作负载之间的关键区别在于，大数据往往过于庞大、复杂或多变，传统数据库和应用程序无法处理。一种流行的数据分类方式被称为 "3V"（译注：即3个V，Volume 容量、Velocity 速度、Variety 多样性）。 ...
没有解决我的问题, 去提问

悬赏问题

¥15 js调用html页面需要隐藏某个按钮
¥15 ads仿真结果在圆图上是怎么读数的
¥20 Cotex M3的调试和程序执行方式是什么样的？
¥20 java项目连接sqlserver时报ssl相关错误
¥15 一道python难题3
¥15 牛顿斯科特系数表表示
¥15 arduino 步进电机
¥20 程序进入HardFault_Handler
¥15 oracle集群安装出bug
¥15 关于#python#的问题：自动化测试

码龄粉丝数原力等级 --

无法使用预准备语句从数据库中提取密码哈希

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

无法使用预准备语句从数据库中提取密码哈希

1条回答 默认 最新

悬赏问题

1条回答默认最新