dplp5928 2016-02-27 04:26
浏览 116
已采纳

password_verify功能不起作用

Hey all i'm having issues with the password_verify function. Register is working but for some odd reason it just says incorrect when i'm trying to use it for login.

Here's my code(don't judge please, i'm still fairly new to everything.

$username = $_POST['username'];
$password = $_POST['password'];
$SQLSelect = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username");
$SQLSelect -> execute(array(':username' => $_POST['username']));
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
$passwordHash = $show['password'];
}
$date = strtotime('-1 hour', time());
$attempts=$odb->query("SELECT COUNT(*) FROM `loginlogs` WHERE `ip` = '$ip' AND `username` LIKE '%failed' AND `date` BETWEEN '$date' AND UNIX_TIMESTAMP()")->fetchColumn(0);

//Check fields
if (empty($username) || empty($password) || !ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
{
die(error('Please fill in all fields.'));
}

//Check login details
echo $passwordHash;
$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1))
{
$SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
$SQL -> execute(array(':username' => $username." - failed",':ip' => $ip));
die(error('Username or password are invalid.'));

Does anyone have a clue why this isn't working? i double checked everything and it should be fine, also the echo $passwordHash was just me checking if i was able to get the password which worked fine. :/

  • 写回答

1条回答 默认 最新

  • duanfan8699 2016-02-28 00:58
    关注

    password_verify($password, $passwordHash) this returns a boolean value. What you should do is to use it to verifies that a password matches a hash. Remove all this:

    $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1))

    And simply do this:

    if (!password_verify($password, $passwordHash)) {
    // ...
    die(error('Username or password are invalid.'));
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 给自己本科IT专业毕业的妹m找个实习工作
  • ¥15 用友U8:向一个无法连接的网络尝试了一个套接字操作,如何解决?
  • ¥30 我的代码按理说完成了模型的搭建、训练、验证测试等工作(标签-网络|关键词-变化检测)
  • ¥50 mac mini外接显示器 画质字体模糊
  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写
  • ¥20 Qcustomplot缩小曲线形状问题
  • ¥15 企业资源规划ERP沙盘模拟
  • ¥15 树莓派控制机械臂传输命令报错,显示摄像头不存在
  • ¥15 前端echarts坐标轴问题