doushichi3678 2017-11-21 11:45


I encrypt my password at sign-up and I want to create a login page which checks the password. I hash the password which is written by the user in the login page and check if it is equal to the password in the database.

But when I hash the true password in the login page, it is not equal to the one in the database. SQL injection or other security problems are not important in this situation. I searched a lot but I cannot solve this problem. Can anyone help me please?


  include_once "connection.php";
  if (isset($_POST['submit'])) { // <- Code will run only when the submit button is clicked

      if ($_POST['username'] && $_POST['password']) {
          $username = $_POST['username'];
          $pa = $_POST['password'];
          $password = password_hash($_POST['password'], PASSWORD_DEFAULT); // Hash the password (new random salt on every call)

          $pas = "SELECT pass FROM studenttable WHERE nickname='$username'";

          $result = mysqli_query($con, $pas) or die("Error: ".mysqli_error($con)); // assign the return value of mysqli_query to $result
          echo "mysqli_query successed <br>";
          if ($result === FALSE) {
              die(mysqli_error($con)); // TODO: better error handling
          }
          if (mysqli_num_rows($result) != 0) {

              while ($row = $result->fetch_assoc()) {
                  $pass = $row['pass'];
                  echo "pass is = $pass <br>";

                  echo "pass: $pass ----------------- password: $password <br>";
                  if (password_verify($pa, $pass)) {
                      echo "login successfully";
                      echo "password: $pa ................. pass: $pass <br>";
                  } else {
                      echo "pa: $pa ------------ pass: $pass<br>";
                      echo "wrong password";
                      //header('Location: logindif.html');
                  }
              }
          }
      }
  }


mysqli_query successed
pass is = $2y$10$PN4l74qTmVJ2j0BOJ5TWAulEX5p3nbkUM9Z9dc
pass: $2y$10$PN4l74qTmVJ2j0BOJ5TWAulEX5p3nbkUM9Z9dc ----------------- password: $2y$10$kgx0EmAFSIOXGMyIsUgOZO8MyRoc4rLzo0PQXOe5lLeAxLO7e3FM.
pa: 123456 ------------ pass: $2y$10$PN4l74qTmVJ2j0BOJ5TWAulEX5p3nbkUM9Z9dc
wrong password


if (isset($_POST['submit'])) { // <- Code will run only when the submit button is clicked

    // Here the database is included. No need for mysqli_select_db
    $conn = new mysqli('localhost', 'root', '123456', 'inputdatabase');

    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    $_SESSION['user'] = 'username';
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT); // Hash the password

    // It's always good to prepare your sql statements.
    $prep = $conn->prepare("INSERT INTO studenttable (nickname, pass) VALUES (?,?)");

    $stmt = $conn->prepare("SELECT nickname FROM studenttable WHERE nickname=?");
    $stmt->bind_param("s", $username);
    $stmt->execute();               // run the lookup so $result is defined below
    $result = $stmt->get_result();

    $sameuser = mysqli_real_escape_string($conn, $_POST['username']);
    if (!empty($username)) {
        $mostrar = $result->num_rows;

        if ($mostrar == 0) { // nickname is not taken yet
            $prep->bind_param("ss", $username, $password);

            $send = $prep->execute();

            if ($send === TRUE) {
                echo "New record created successfully";    //<-- You won't get to see this because of the next line.
                header('Location: index.php');
            } else {
                echo "Error: " . $conn->error;
                header('Location: signupsqlerror.html');
            }
        } else {
            header('Location: signupdif.html');
        }
    }
}

1 answer

  • duanrongshi1544 2017-11-21 12:08

    Your database password column is not long enough, and it's truncating the values. From the manual:

    Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

    You need a column that's at least 60 characters long, and ideally 255 for future-proofing.

    Unfortunately, inserting a 60 character string into a 45 character column won't raise any errors, it'll just chop off the last part of the hash.

    This answer was selected by the asker as the best answer.
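
The truncation described in the answer, reproduced without a database as an added example (not code from the question or the answer). `substr()` stands in for the 45-character column; `is_incomplete_hash` and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added example. Runs offline: substr() simulates a 45-character column,
// which is how MySQL stores an over-long value when strict SQL mode is off.

$plain  = '123456';                                 // constructed sample password
$full   = password_hash($plain, PASSWORD_DEFAULT);  // bcrypt today: 60 characters
$stored = substr($full, 0, 45);                     // what the short column keeps

printf("full   (%d chars) verifies: %s\n", strlen($full),
    var_export(password_verify($plain, $full), true));
printf("stored (%d chars) verifies: %s\n", strlen($stored),
    var_export(password_verify($plain, $stored), true));

// Hypothetical audit helper: a value that password_get_info() cannot identify
// is not a complete hash. 'algo' is null (PHP >= 7.4) or 0 (older) in that case.
function is_incomplete_hash(string $hash): bool
{
    return empty(password_get_info($hash)['algo']);
}

// Constructed rows, shaped like: SELECT nickname, pass FROM studenttable
$rows = [
    ['nickname' => 'alice', 'pass' => $full],
    ['nickname' => 'bob',   'pass' => $stored],
];
foreach ($rows as $row) {
    if (is_incomplete_hash($row['pass'])) {
        echo "{$row['nickname']}: stored hash is truncated, password reset required\n";
    }
}

// Widening the column, for example with
//   ALTER TABLE studenttable MODIFY pass VARCHAR(255) NOT NULL;
// only helps new rows. The characters cut from existing hashes cannot be
// recovered, so those accounts need a new password.
```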


