dqqy64515 2017-10-22 11:17
浏览 99
已采纳

php password_hash和password_verify失败

Basic question but I keep failing. Have checked out similar topics but didn't get closer to the solution, so please don't redirect me just point out what I'm missing. Thank you.

<?php 

$hashed_password = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

$password = ($_POST["reg_password"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

$query = mysqli_query($con, "INSERT INTO user VALUES('', '$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

This is the registering part and it is working flawlessly. The provided password is getting hased and stored in the DB.

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $password = password_verify($_POST["login_password"], $hashed_password);

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE password = '$password'");

    $checkLogin = mysqli_num_rows($checkDB);

    if($checkLogin == 1){
        $row = mysqli_fetch_array($checkDB);

        echo "Welcome";
    }

    else {
        echo "Password incorrect";
    }
}
?>

This is the login part and it always fails. I suspect the following snippet to be the culprit:

$password = password_verify($_POST["login_password"], $hashed_password);

but have no idea how to fix it.

Any help would be great. Thank you!

UPDATED CODE:

register.php:

<?php 

$hashed_password = "";
$name = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

    $password = ($_POST["reg_password"]);
    $name = ($_POST["reg_name"]);

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    $query = mysqli_query($con, "INSERT INTO user VALUES('', '$name','$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_name" placeholder="Name">
        <br><br>
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="text" name="login_name" placeholder="Name">
        <br><br>
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>

login.php:

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $name = $_POST['login_name'];
    $password = $_POST['login_password'];

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE name = '$name'");

    $passwordField = null;

    while($getRow = mysqli_num_rows($checkDB)){
        $passwordField = $getRow['password']; // Get hashed password
    }

    if(password_verify($password, $passwordField)){
        echo('Correct');
    }else{
        echo('Wrong');
    }
}
?>
  • 写回答

2条回答 默认 最新

  • dtk31564 2017-10-22 11:45
    关注

    You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]

    <?php

$con = mysqli_connect("localhost", "root", "", "testtable");

if(isset($_POST["login_button"])){

    // $password = password_verify($_POST["login_password"], $hashed_password);
    $password = $_POST['password'];
    $checkDB = mysqli_query($con, "SELECT * FROM user");

    while($getRow = mysqli_fetch_array($checkDB)){
        $passwordRow = $getRow['password'];
    }

    if(password_verify($password, $passwordRow) === TRUE){
        echo('Welcome');
    }else{
    echo('Wrong credentials');
    }
}
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 2024-五一综合模拟赛
  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭