写入数据库后，password_verify不匹配

I think my problem is environmental, but I have tapped everything I can think of to find it. The code was working fine 3 weeks ago, and suddenly stopped a few days ago. I haven't updated the O/S or PHP in that timeframe.

I'm using password_hash to create a password from a $_POST variable, and then writing it to a MySQL database field (set to varchar(255)). After the problem came up I added test code to do password_verify on the variable in memory before writing to the database, and then re-read the value from the database after writing it there. In both cases it returns as a match. However, any other page trying to run password_verify returns as a mismatch. I have captured the initial hash and visually compared it to the value in the database and they are identical. Both servers (the one that generates the hash and the one that reads it when the user logs in are both running the same version of php (5.6.9-0+deb8u1).

Here's my complete code in it's current state of debugging. In the code below the commented out line using PASSWORD_DEFAULT is what I was originally using. I tried BCRYPT option just to see if it would fix it. I also tried putting $_POST['password'] into a variable instead of calling it directly, and wrapping a trim around it. Everything seems fine until I leave this page and try from another page. I have also checked the items discussed in other posts on the web.

//USER DOES NOT EXIST 
mysqli_close($con);
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    $error = true;
}
// New user - add them to database
echo "Creating your account. <br>";
$pwd = $_POST['password'];
//$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT);    
$password = password_hash($pwd, PASSWORD_BCRYPT);   
echo $password . '<br>';


$sel = 'CALL sp_add_user("'. $_POST['firstname'] . '","'. $_POST['lastname'] . '","'. $_POST['email1'] . 
    '","'. $_POST['city'] . '","'. $_POST['country'] . '","'. $password . '","'. $timestamp . '")';

$con=mysqli_connect($conip,$dbuser,$dbpw,$mgrdb);
if(!mysqli_query($con, $sel))
{
    echo("Error description: " . mysqli_error($con));
}
else{
    mysqli_close($con);
    //verify the password in the DB is good
    $sel='CALL sp_get_pwd("' . $_POST['email1'] . '")';
    //echo $sel;
    $con=mysqli_connect($conip,$dbuser,$dbpw,$mgrdb);
    $result = mysqli_query($con, $sel);
    if (mysqli_num_rows($result)>0){
        while($row = mysqli_fetch_array($result)) {
            $dbpwd = $row['password'];
        }
    }
    echo $dbpwd . '<br>';
    if(password_verify(trim($_POST['password']), $dbpwd)){echo 'Match<br>'; } else { echo 'Match failed<br> ';} 
    mysqli_close($con);

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douzhang1955 2015-08-20 15:53
关注
I simulated your code without database and form fetching, and it runs ok. It means there's something wrong either with your database or with your POST fields.

// New user - add them to database echo "Creating your account. "; $pwd = '12345'; //$password = password_hash(trim($_POST['password']), PASSWORD_DEFAULT); $password = password_hash($pwd, PASSWORD_BCRYPT); echo $password . ' '; $dbpwd = $password; echo $dbpwd . ' '; if(password_verify(trim($pwd), $dbpwd)) { echo 'Match '; } else { echo 'Match failed '; }

Output:

Creating your account. $2y$10$iw6fSApO7Ok0ySZ.OsQqbe.DpVrvzJ86ZYIsWYg5060hyXbBYEiee $2y$10$iw6fSApO7Ok0ySZ.OsQqbe.DpVrvzJ86ZYIsWYg5060hyXbBYEiee Match

Use var_dump on your hashed $password var before the INSERT, then again with your $dbpwd after the SELECT and see if you get anything wrong. Also, check your PHP project scripts and your database schema for conflicting charset definitions.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

写入数据库后，password_verify不匹配 php
2015-08-20 15:15

回答 1 已采纳 I simulated your code without database and form fetching, and it runs ok. It means there's somethi
php password_hash和password_verify失败 php
2017-10-22 11:17

回答 2 已采纳 You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]
无法使用password_verify验证密码 php
2019-01-10 21:17

回答 2 已采纳 @YashKaranke what is the password column's length? – Funk Forty Niner @FunkFortyNiner It is 5
Web应用隐形后门的设计与实现
2022-04-27 07:58

Sword-heart的博客本文将涉及许多具体代码，如果乍看看不明白也不要紧，可以直接跳过，我会随后对其进行详尽的介绍。 0x01 卑鄙密码竞赛继“卑鄙C程序大赛”之后，从2015开始，Defcon黑客大会又推出了“卑鄙密码竞赛”，以寻找和...
PHP中的password_verify无法使用数据库 mysql php
2015-12-03 11:49

回答 1 已采纳 You are not passing the user password into password_hash() function. The first parameter should be
PHP：password_verify总是返回false php
2017-04-29 12:13

回答 2 已采纳 You need to pass simple text password without hash as first param if ( password_verify($login_pas
使用password_verify登录CodeIgniter php
2019-01-09 19:31

回答 1 已采纳 What you need to do is fetch the record from the DB where only the email matches (assuming it is t
【PHP教程（二）】php登陆验证（附代码）
2023-02-13 14:38

Almond_02的博客可以使用 PHP 创建登录脚本。PHP 提供了用于处理用户身份验证和会话的内置函数和功能，这是登录系统的基本组件。这些功能允许您安全地存储和验证用户凭据，并在用户与您的网站或应用程序的交互过程中维护用户会话。...
登录时如何检查Password_Verify哈希？ php
2018-01-29 04:36

回答 3 已采纳 Your code is vulnerable to SQL-Injection Please use Prepared Statements instead of inserting your
password_verify不在PHP的子域中工作 php
2016-04-08 13:34

回答 1 已采纳 password_verify was only introduced with PHP 5.5 - if your subdomain site is running on a lower ve
password_verify功能不起作用 php sql
2016-02-27 04:26

回答 1 已采纳 password_verify($password, $passwordHash) this returns a boolean value. What you should do is to u
PHP语言实现网站登录功能
2020-02-09 09:29

戴翔的技术博客的博客使用PHP链接MySQL数据库进行登录验证。创建数据表首先，在数据库中创建登录功能所需要用到的数据表。该表应该包含用户名、密码、登录次数、最近一次登录时间、最近一次登录IP等字段。创建代码如下： DROP TABLE IF...
为什么password_verify返回false？ php
2018-06-18 13:18

回答 1 已采纳 There are a variety of reasons why password_verify could be returning false, it can range from the
CTF php反序列化总结
2022-11-17 11:36

E1gHt_1的博客前言：本⼈⽔平不⾼，只能做⼀些类似收集总结这样的⼯作，本篇文章是我自己在学php反序列化写的一篇姿势收集与总结，有不对的地方欢迎师傅们批评指正~定义：序列化就是将对象转换成字符串。反序列化相反，数据的格式...
使用PHP和Apple Passbook的数字票
2020-08-13 04:14

culi3118的博客 Why should we PHP warriors care at all about Apple’s Passbook? Well first because Apple made this technology open (well, sort of…), second because it can be used outside iOS devices, and third ...
使用thinkphp添加会员到期时间为什么对不上，向数据库添加一天时间就会自动添加3天时间
2021-12-13 10:35

菜鸟️代码的博客使用thinkphp添加会员到期时间为什么对不上，向数据库添加一天时间就会自动添加3天时间添加一个月就会自动添加三个月，而且添加到数据库的时间过10几秒刷新一下就会自动增加一天时间， IndexController.class.php...
flask 8用户认证_Salted Password Hashing
2021-08-25 01:11

风车转呀转的博客 because we want to store passwords in a form that protects them even if the password file itself is compromised, but at the same time, we need to be able to verify that a user's password is correct....
【php毕业设计】基于php+mysql+apache的在线购物网站设计与实现（毕业论文+程序源码）——在线购物网站
2022-06-29 13:54

毕业设计方案专家的博客大家好，今天给大家介绍基于php+mysql+apache的在线购物网站设计与实现，文章末尾附有本毕业设计的论文和源码下载地址哦。文章目录：项目难度：中等难度适用场景：相关题目的毕业设计配套论文字数：13738个字32页...
php数据采集源码,PHP实现一个简单的数据采集
2021-03-23 11:50

张涵赫的博客那PHP如何实现数据采集呢？非常简单。概念那什么是数据采集呢？以下是百度百科的介绍：数据采集，又称数据获取，是利用一种装置，从系统外部采集数据并输入到系统内部的一个接口。数据采集技术广泛应用在...
没有解决我的问题, 去提问

悬赏问题

¥15 微信会员卡接入微信支付商户号收款
¥15 如何获取烟草零售终端数据
¥15 数学建模招标中位数问题
¥15 phython路径名过长报错不知道什么问题
¥15 深度学习中模型转换该怎么实现
¥15 HLs设计手写数字识别程序编译通不过
¥15 Stata外部命令安装问题求帮助！
¥15 从键盘随机输入A-H中的一串字符串，用七段数码管方法进行绘制。提交代码及运行截图。
¥15 TYPCE母转母，插入认方向
¥15 如何用python向钉钉机器人发送可以放大的图片？

写入数据库后，password_verify不匹配

1条回答 默认 最新

悬赏问题

1条回答默认最新