password_verify（）和mysql的问题，有些返回正确，有些则没有

I'm quite inexperienced with a lot of php. I have a registration and login pages.

The accounts created from the index.php page are working fine, but the ones coming from a page called trucks.php page is is having an issue with verify_password();

They both use the same registration and login php pages.

Registration Page:


$type = $_REQUEST['type'];


// Register
$error = "";
$first = mysqli_real_escape_string($conn, $_REQUEST['first_name']);
$last = mysqli_real_escape_string($conn, $_REQUEST['last_name']);
$company_name = mysqli_real_escape_string($conn, $_REQUEST['restaurant_name']);
$email = mysqli_real_escape_string($conn, strtolower($_REQUEST['email']));
$pass = password_hash($_REQUEST['password1'],PASSWORD_DEFAULT);
$cpass = mysqli_real_escape_string($conn, $_REQUEST['password2']);
$phone = mysqli_real_escape_string($conn, $_REQUEST['phone']);
$address = mysqli_real_escape_string($conn, $_REQUEST['address']);
$city = mysqli_real_escape_string($conn, $_REQUEST['city']);
$state = mysqli_real_escape_string($conn, $_REQUEST['state']);
$zip = mysqli_real_escape_string($conn, $_REQUEST['zip']);
$website = mysqli_real_escape_string($conn, $_REQUEST['website']);

$q = "SELECT email FROM users WHERE (email='$email')";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
    {
    if($row['email'] == $email)
    {
    $error = "email";
    }
    }
    if($first == "")
    {
        $error = "first";
    }
    else if($last == "")
    {
        $error = "last";
    }
    else if($email == "")
    {
        $error = "email2";
    }
  else if($pass == "")
    {
            $error = "password";
    }
    else if(!password_verify($cpass,$pass))
    {
            $error = "confirm";
    }
  else if($phone < 0 || $phone > 9999999999)
    {
            $error = "phone";
    }

if($error == "")
{
$q = "INSERT INTO users (first_name, last_name, email, password, phone, registration_date, type)
VALUES ('$first', '$last', '$email', '$pass', '$phone',  NOW(), '0')";
$conn->query($q);
session_start();
$q = "SELECT id, type FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
    {
    $id = $row['id'];
  $type = $row['type'];
    }
$_SESSION['id']  = $id;


//Truck Register

if($type = 1)
{
// Link Company to User for login
$q = "INSERT INTO company (user_id, company_name, website, city, postal_code)
VALUES ('$id', '$company_name', '$website', '$city', '$zip')";
$conn->query($q);
}
  header("Location: ../index.php?regstatus=success");
exit;
}
else
{
  if($type == 1)
  {
    header("Location: ../trucks.php?error=$error");
  }
  else{
    header("Location: ../index.php?error=$error");
  }
}

$email = mysqli_real_escape_string($conn, $_REQUEST['email']);
$pass = $_REQUEST['pass'];
$rem = $_REQUEST['remember'];



$q = "SELECT id, password FROM users WHERE email = '$email'";
$r = $conn->query($q);
while($row = $r->fetch_assoc())
{
$passhash = $row['password'];
$id = $row['id'];
}
$verified = password_verify($pass, $passhash);
if($verified)
{
session_start();
$passhash = "";
$pass = "";
$_REQUEST['pass'] = "";
$_SESSION['id'] = $id;
header("Location: ../index.php");
exit;

}
else{
header("Location: ../index.php?status=false");
exit;
}




?>

Tried switching encoding, changed from 2 registration pages to 1 etc.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

报告相同问题？

关注问题

PHP中的password_verify无法使用数据库 mysql php
2015-12-03 11:49

回答 1 已采纳 You are not passing the user password into password_hash() function. The first parameter should be
password_verify总是无效的密码，虽然密码是正确的 mysql php
2017-03-22 07:28

回答 1 已采纳 The problem is that you specify an invalid salt value. You should not specify the salt yourself, j
为什么password_verify返回false？ mysql php
2014-02-12 22:39

回答 2 已采纳 Probably the problem is with your column length, from the manual: it is recommended to store the
php crypt mysql password_使用PHP 5.5的password_hash和password_verify函数
2021-01-28 11:48

亦纯的博客使用PHP 5.5的password_hash和password_verify函数假设我想为用户存储密码，这是使用PHP 5.5的password_hash()功能(或者这个版本的PHP 5.3.7+：https：//github.com/ircmaxell/password_compat)的正确方法吗？...
password_verify如果{invalid} else {[关闭] mysql php
2016-04-08 17:31

回答 2 已采纳 Logical Operators: NOT (!) if (!password_verify($password, $hash)) { // invalid = run set of
如何正确使用密码_verify与PDO和盐？ mysql php
2014-04-18 20:00

回答 1 已采纳 To verify a password you have to retrieve it. Means you have to select it, not use in a condition.
password_verify不起作用[关闭] php
2015-09-16 20:15

回答 1 已采纳 $sql="SELECT [..snip..] and password='password_verify($password, $hashAndSalt)'";
mysql if函数验证密码_php – 密码未使用函数password_verify验证
2021-02-06 19:06

老许的花开的博客我想我直接从mysql数据库使用函数PASSWORD散列密码(我在这里做错了吗？)....$password=$_POST['password'];$hash="*85955899FF0A8CDC2CC36745267ABA38EAD1D28"; //this is the hashed password i...
写入数据库后，password_verify不匹配 php
2015-08-20 15:15

回答 1 已采纳 I simulated your code without database and form fetching, and it runs ok. It means there's somethi
是否需要从数据库中获取哈希？ password_hash bcrypt [复制] mysql php
2017-06-20 20:44

回答 1 已采纳 Yes, it's necessary. You need the unique salt generated during hashing, encoded as part of the has
试图理解PHP password_hash php
2012-10-11 16:31

回答 3 已采纳 FROM PHP DOC To specify a literal single quote, escape it with a backslash (). To specify a li
passwordverify php,php – 为什么password_verify返回false？
2021-04-08 11:10

yiqin luo的博客我正在使用password_verify来检查我的哈希密码.我有PHP 5.5：$this->db_connection = new MysqLi(DB_HOST,DB_USER,DB_PASS,DB_NAME);// if no connection errors (= working database connection)if (!$this->...
如何从mysql数据库中获取字符串以与PasswordVerify（）一起使用？ mysql php
2019-04-24 16:42

回答 2 已采纳 Having fetched the data here, making $hashedpass an array: $hashedpass = $sql->fetch_array();
passwordverify php,php password_verify无法正常工作
2021-04-08 11:10

weixin_39541044的博客我有PHP 5.5.$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);// if no connection errors (= working database connection)if (!$this->db_connection->co...
php 验证密码不能为空,php – 密码未使用函数password_verify验证
2021-04-27 06:36

weixin_39709262的博客我想我直接从mysql数据库使用函数PASSWORD散列密码(我在这里做错了吗？)....$password=$_POST['password'];$hash="*85955899FF0A8CDC2CC36745267ABA38EAD1D28"; //this is the hashed password i...
php crypt mysql password_PHP和MYSQL：使用bcrypt哈希并使用数据库验证密码
2021-01-28 11:48

weixin_39947016的博客 $bcrypt = new Bcrypt(12);$pass = $_POST['password']; //register password field$hash= $bcrypt->...// then inserts $hash into database with users registered email (I've checked my mysql data...
php crypt mysql password_PHP和MYSQL：使用bcrypt哈希并用数据库验证密码
2021-01-18 19:13

稚一的博客我正在使用Andrew Moore先生的散列用户密码的方法(How do you use bcrypt for hashing passwords in PHP?).我做的是我有一个注册...$pass = $_POST['password']; //register password field$hash= $bcrypt->hash...
php crypt mysql password_PHP 加密用户密码 How to store passwords safely with PHP and MySQL
2021-02-08 22:06

曲筱的博客 Do not store password as plain textDo not try to invent your own password securityDo not ‘encrypt’ passwordsDo not use MD5Do not use a single site-wide saltWhat you should doUse a cryptographically ...
php_registrationform:使用PHP和MySQL进行用户注册和登录
2021-04-18 16:06

PHP注册和登录用途： htmlspecialchars($var)` while outputting datamysqli_real_escape_string($conn, $_POST['var']) to escape special characterspassword_hash($password, PASSWORD_DEFAULT) andpassword_...
没有解决我的问题, 去提问

悬赏问题

¥15 关于#matlab#的问题：在模糊控制器中选出线路信息，在simulink中根据线路信息生成速度时间目标曲线（初速度为20m/s，15秒后减为0的速度时间图像）我想问线路信息是什么
¥15 banner广告展示设置多少时间不怎么会消耗用户价值
¥16 mybatis的代理对象无法通过@Autowired装填
¥15 可见光定位matlab仿真
¥15 arduino 四自由度机械臂
¥15 wordpress 产品图片 GIF 没法显示
¥15 求三国群英传pl国战时间的修改方法
¥15 matlab代码代写，需写出详细代码，代价私
¥15 ROS系统搭建请教（跨境电商用途）
¥15 AIC3204的示例代码有吗，想用AIC3204测量血氧，找不到相关的代码。

码龄粉丝数原力等级 --

password_verify（）和mysql的问题，有些返回正确，有些则没有

0条回答默认最新

悬赏问题

password_verify（）和mysql的问题，有些返回正确，有些则没有

0条回答 默认 最新

悬赏问题

0条回答默认最新