dqphg40600 2015-09-16 20:15

password_verify not working [closed]

Here's my code: -- registered.php -- this file sends the new user's username and password to the database

<?php include "config.php"; ?>
<?php 
    $username = $_POST['username'];
    $email = $_POST['email'];
    $mypassword = $_POST['password'];
    $defaultrank = "user";
    $password=password_hash($mypassword, PASSWORD_BCRYPT);
?>


<?php if(isset($_REQUEST['submit'])) { ?>
<?php
$sql = "INSERT INTO usr (username, password, email, rank)
VALUES ('$username', '$password', '$email', '$defaultrank')";

if ($conn->query($sql) === TRUE) { ?>


<meta http-equiv="refresh" content="0; url=register.php#registrationsuccess" />

<?php }
else{ ?>
<meta http-equiv="refresh" content="0; url=register.php#registrationfailed" />
<?php } ?>





<?php $conn->close(); ?>
<?php } ?>

-- redir.php -- This sends the login info to the database to be verified

<link rel="stylesheet" href="css/font-awesome.min.css">
<?php
session_start();
ob_start();
$host="localhost";
$user="root"; 
$pass="root"; 
$db="usr";  
$tbl="usr"; 

mysql_connect("$host", "$user", "$pass")or die("cannot connect"); 
mysql_select_db("$db")or die("cannot select DB");
include 'registered.php';

$myusername=$_POST['myusername']; 
$user = $myusername;
$mypassword=$_POST['mypassword']; 
$pass = $mypassword;
// $password=md5($mypassword);
$hashAndSalt = password_hash($password, PASSWORD_BCRYPT);
$savemyusername = $myusername;
$savemypassword = $mypassword;

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl WHERE username='$myusername' and password='password_verify($password, $hashAndSalt)'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
if($count==1){
// Sessions //
$_SESSION["pass"] = $pass;
$_SESSION["user"] = $user;
// END //
echo <<<EOF
<meta http-equiv="refresh" content="0; url=membersarea.php" />
EOF;
}

else { ?>
<meta http-equiv="refresh" content="0; url=login.php#loginfailed" />
<?php 
}

ob_end_flush();
?>

The login system works fine with md5. Also, the data from registered.php gets sent hashed to the database; it's just verifying the data which is the problem.

1 answer

  • duandu5846 2015-09-16 20:24
    $sql="SELECT [..snip..] and password='password_verify($password, $hashAndSalt)'";
                                          ^^^^^^^^^^^^^^^
    

    You cannot embed PHP code in a string and expect PHP to execute it, nor will MySQL execute PHP code for you, since MySQL has absolutely no idea what PHP is.

    Even if that PHP function call did magically somehow get executed, it can only ever return a boolean value, so your code would (in the magic kingdom) boil down to two possibilities:

    ... password = false
    ... password = true
    
    This answer was selected by the asker as the best answer.
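
What the answer implies, as an added example that is not part of the original question or answer: fetch the stored hash by username only, then call password_verify() in PHP on the fetched value. It assumes PDO with an in-memory SQLite database standing in for the MySQL `usr` table; the function names and the sample user are constructed for illustration.

```php
<?php
// Added example; not code from the question or the answer.
// Assumption: in-memory SQLite via PDO stands in for the MySQL `usr` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usr (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: hash once and store only the hash.
// Bound parameters keep user input out of the SQL text.
function register(PDO $pdo, string $username, string $plain): void
{
    $stmt = $pdo->prepare('INSERT INTO usr (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($plain, PASSWORD_BCRYPT)]);
}

// Login: select the row by username alone, then verify in PHP.
function login(PDO $pdo, string $username, string $plain): bool
{
    $stmt = $pdo->prepare('SELECT password FROM usr WHERE username = ?');
    $stmt->execute([$username]);
    $storedHash = $stmt->fetchColumn();   // false when the user does not exist

    if ($storedHash === false) {
        return false;
    }
    // password_verify() reads the salt and cost from the stored hash itself.
    return password_verify($plain, $storedHash);
}

// Why comparing a fresh hash in SQL cannot work: each call to password_hash()
// picks a new random salt, so two hashes of the same password differ.
$a = password_hash('correct horse', PASSWORD_BCRYPT);
$b = password_hash('correct horse', PASSWORD_BCRYPT);
var_dump($a === $b);

// Constructed sample user and login attempts.
register($pdo, 'alice', 'correct horse');
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, 'alice', 'wrong password'));
var_dump(login($pdo, 'nobody', 'correct horse'));
```

With MySQL, the `password` column must hold at least 60 characters for bcrypt; a truncated hash never verifies.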
