password_verify功能不起作用

Hey all i'm having issues with the password_verify function. Register is working but for some odd reason it just says incorrect when i'm trying to use it for login.

Here's my code(don't judge please, i'm still fairly new to everything.

$username = $_POST['username'];
$password = $_POST['password'];
$SQLSelect = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username");
$SQLSelect -> execute(array(':username' => $_POST['username']));
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
$passwordHash = $show['password'];
}
$date = strtotime('-1 hour', time());
$attempts=$odb->query("SELECT COUNT(*) FROM `loginlogs` WHERE `ip` = '$ip' AND `username` LIKE '%failed' AND `date` BETWEEN '$date' AND UNIX_TIMESTAMP()")->fetchColumn(0);

//Check fields
if (empty($username) || empty($password) || !ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
{
die(error('Please fill in all fields.'));
}

//Check login details
echo $passwordHash;
$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
$SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash)));
$countLogin = $SQLCheckLogin -> fetchColumn(0);
if (!($countLogin == 1))
{
$SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
$SQL -> execute(array(':username' => $username." - failed",':ip' => $ip));
die(error('Username or password are invalid.'));

Does anyone have a clue why this isn't working? i double checked everything and it should be fine, also the echo $passwordHash was just me checking if i was able to get the password which worked fine. :/

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanfan8699 2016-02-28 00:58
关注
password_verify($password, $passwordHash) this returns a boolean value. What you should do is to use it to verifies that a password matches a hash. Remove all this:

$SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password"); $SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_verify($password, $passwordHash))); $countLogin = $SQLCheckLogin -> fetchColumn(0); if (!($countLogin == 1))

And simply do this:

if (!password_verify($password, $passwordHash)) { // ... die(error('Username or password are invalid.')); }
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

password_verify功能不起作用 php sql
2016-02-27 04:26

回答 1 已采纳 password_verify($password, $passwordHash) this returns a boolean value. What you should do is to u
php password_hash和password_verify失败 php
2017-10-22 11:17

回答 2 已采纳 You can do this via while loop and mysqli_fetch_array(). That must solve your problem.: [UPDATED]
无法使用password_verify验证密码 php
2019-01-10 21:17

回答 2 已采纳 @YashKaranke what is the password column's length? – Funk Forty Niner @FunkFortyNiner It is 5
php password_hash和password_verify
2018-12-24 10:15

ljwy1234的博客 password_hash() 兼容 crypt()。所以， crypt() 创建的密码散列也可用于 password_hash()。当前支持的算法： PASSWORD_DEFAULT - 使用 bcrypt 算法 (PHP 5.5.0 默认)。注意，该常量会随着 PHP 加入更新更高...
PHP：password_verify总是返回false php
2017-04-29 12:13

回答 2 已采纳 You need to pass simple text password without hash as first param if ( password_verify($login_pas
password_verify不起作用[关闭] php
2015-09-16 20:15

回答 1 已采纳 $sql="SELECT [..snip..] and password='password_verify($password, $hashAndSalt)'";
PHP中的password_verify无法使用数据库 mysql php
2015-12-03 11:49

回答 1 已采纳 You are not passing the user password into password_hash() function. The first parameter should be
PHP password_hash 与 password_verify 使用
2021-05-07 15:44

夏已微凉、的博客一、代码二、浏览器输出三、不同语言的写法一、代码 public function test() { ... $pwd = "123456"; ... $hashed = password_hash($pwd, PASSWORD_DEFAULT);... $flag = password_verify($pwd, $hashed); if ($fla.
使用password_verify登录CodeIgniter php
2019-01-09 19:31

回答 1 已采纳 What you need to do is fetch the record from the DB where only the email matches (assuming it is t
登录时如何检查Password_Verify哈希？ php
2018-01-29 04:36

回答 3 已采纳 Your code is vulnerable to SQL-Injection Please use Prepared Statements instead of inserting your
为什么password_verify返回false？ php
2018-06-18 13:18

回答 1 已采纳 There are a variety of reasons why password_verify could be returning false, it can range from the
password verify php,PHP password_verify返回false
2021-04-28 10:03

zqk666m~~的博客我有2個項目1只是用來檢查用戶名和密碼，如果它們存在於數據庫中，它有password_verify()函數的工作，另一個你可以註冊然後登錄，但是在這個1函數password_verify總是返回false，即使我已經在兩個代碼中寫入了相同的...
password_verify（）未验证 php
2017-01-24 14:33

回答 1 已采纳 Your password is hashed in your database. In your query you include a non-hashed password, so the
password_hash, password_verify
2021-03-04 17:57

脚步6978的博客 password_verify() 函数用于验证密码是否和散列值匹配 vendor/laravel/framework/src/Illuminate/Hashing/BcryptHasher.php /** * Hash the given value. * * @param string $value * @param array $...
password_hash/password_verify/(JAVA)
2022-01-18 20:27

mollygogo的博客承接了一个新项目，需要继承旧的用户数据。 ... generatePasswordHash($password, $cost = null) ...return password_hash($password, PASSWORD_DEFAULT, ['cost' => $cost]); 账号密码解密使用
password_verify() 函数
2019-04-27 10:59

冷月醉雪的博客查看更多 https://www.yuque.com/docs/share/9418d648-43e4-4d44-a951-c0ff6d99d475
php password_php password_verify函数怎么用
2021-03-22 23:09

weixin_39755712的博客 php password_verify函数用于验证密码是否和散列值匹配，其语法是bool password_verify ( string $password , string $hash )，...php password_verify函数怎么用？password_verify() 函数用于验证密码是否和散列...
password_hash和password_verify函数
2020-03-26 17:19

十年砍柴---小火苗的博客 password_hash和password_verify函数一、前言 PHP5.5提供了许多新特性及Api函数，其中之一就是Password Hashing API(创建和校验哈希密码)。它包含4个函数：password_get_info()、password_hash()、password_needs...
php password_php – 在现有密码上使用password_verify
2021-03-22 23:09

斗鱼直播-大司马m~的博客密码全部存储在password_hash($password1,PASSWORD_BCRYPT);...目前,无论我输入什么,它总是说不正确.require 'privstuff/dbinfo.php';$username = $_POST["username"];$password1 = $_POST["password1"];$...
没有解决我的问题, 去提问

悬赏问题

¥15 centos7.9 IPv6端口telnet和端口监控问题
¥120 计算机网络的新校区组网设计
¥20 完全没有学习过GAN，看了CSDN的一篇文章，里面有代码但是完全不知道如何操作
¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
¥20 海浪数据南海地区海况数据，波浪数据
¥20 软件测试决策法疑问求解答
¥15 win11 23H2删除推荐的项目，支持注册表等
¥15 matlab 用yalmip搭建模型，cplex求解，线性化处理的方法
¥15 qt6.6.3 基于百度云的语音识别不会改
¥15 关于#目标检测#的问题：大概就是类似后台自动检测某下架商品的库存，在他监测到该商品上架并且可以购买的瞬间点击立即购买下单

password_verify功能不起作用

1条回答 默认 最新

悬赏问题

1条回答默认最新