dongrong1856
2016-09-30 09:15
Views: 57
Accepted

PHP password_verify()

I didn't take asking this question lightly as I've seriously gone over 50 links throughout the entire night trying to get password_verify() to work.

1- The Hash Is 100% Correct.
2- The Plain Text Version Is 100% Correct.
3- The Hash Length Is In Fact 60.
4- Tried Password_Default And Password_Bcrypt
5- It Does Successfully Pull The Password Out Of The Database.

BUT

if(password_verify($answer,$secAnswer)){ } IS ALWAYS false.

Here is my Code.

    function anti_injection_login($sql, $formUse = true){
        $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i","",$sql);
        $sql = trim($sql);
        $sql = strip_tags($sql);
        if(!$formUse || !get_magic_quotes_gpc())
            $sql = addslashes($sql);
        return $sql;
    }

    $email = anti_injection_login($_POST['email']);
    $answer = anti_injection_login($_POST['answer']);
    $queryAccount = mysqli_query($conn, "SELECT * FROM Accounts where email= '$email'");
    $count = mysqli_num_rows($queryAccount);
    if($count == 1){
        $rows = mysqli_fetch_array($queryAccount);
        $secAnswer = $rows['secretkey'];

        if(password_verify($answer,$secAnswer)){
            echo "Successful";
        }else{
            echo "Try Again";
        }
    }

The anti_injection_login is just to stop people from injecting it. This is NOT the problem.
As no matter where I put an Echo with the $secAnswer and $answer it is always correct exactly as I would expect it to be.

Is there something I am missing guys? I am seriously stumped on this now.

(Yes this is the entire script). So I'm not leaving anything out. But as mentioned, it is successfully pulling the hash, (and is correct) according to the database version it's identical.

And the word I used for the hash is Identical (Tried both Upper case and Lowercase).
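An added example, not part of the original post and not a diagnosis of the asker's case: it shows how a blacklist filter like the posted anti_injection_login() changes a secret before password_verify() sees it, next to a prepared-statement lookup that passes the secret through unmodified. The sample answers are constructed, filter_like_post(), survives_filter() and check_answer() are hypothetical names, and $conn is assumed to be an open mysqli connection.

```php
<?php
// Added example. Filter adapted from the posted anti_injection_login(),
// without get_magic_quotes_gpc(), which was removed in PHP 8.0.
function filter_like_post(string $s): string {
    $s = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $s);
    return addslashes(strip_tags(trim($s)));
}

// True when the filtered input still verifies against a hash of the raw
// input, i.e. when the filter left the secret byte-for-byte intact.
function survives_filter(string $secret): bool {
    $hash = password_hash($secret, PASSWORD_DEFAULT); // what registration would store
    return password_verify(filter_like_post($secret), $hash);
}

// Hardened lookup: the e-mail is bound as a parameter, so no string filter is
// needed, and the answer reaches password_verify() unmodified.
// Table and column names are the ones used in the post.
function check_answer(mysqli $conn, string $email, string $answer): bool {
    $stmt = $conn->prepare("SELECT secretkey FROM Accounts WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row fetched, null = no row, false = error
    $stmt->close();
    return $found === true && password_verify($answer, $hash);
}

// Constructed sample answers (not from the post). Any answer containing a
// blacklisted word, a comma, a quote, a backslash or markup is altered.
$samples = ["bluebird", "I'm from Ohio", "Smith, John", 'say "hi"', "<b>rex</b>"];
foreach ($samples as $s) {
    printf("%-16s -> %-16s verify=%s\n",
        $s, filter_like_post($s), survives_filter($s) ? "true" : "false");
}
```

The same comparison applies to whatever code created the stored hash: the string given to password_hash() at registration and the string given to password_verify() at login must be byte-for-byte identical.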
