-4

我正在创建一个用户登录页面。我用于password($pass,PASSWORD_BCRYPT)将数据插入数据库但尝试验证密码与password_verify($password,$salt)值不匹配。

我确信$salt从数据库中检索到的数据是正确的,但它不匹配。你能建议我如何进一步解决它吗?我对此进行了彻底的搜索,但找不到任何答案。

这是我下面的登录代码:

<?php 
      // if form submitted 
      // check supplied login credentials 
      // against database
      } 
      else {   $username = $_POST['username'];   
                $password = $_POST['password'];  
      // check input   
      if (empty($username)) {   
      die('ERROR: Please enter your username');   
      }   
      if (empty($password)) {   
      die('ERROR: Please enter your password');  
      }  
      // attempt database connection   
      include("memberconnect.php");
       $pdo = new mysqli($host,$user,$password,$database);  

      if (!$pdo) { 
      die("ERROR: Could not connect: (" . $pdo->errno .")" .$pdo->error); 
      }  
      // escape special characters in input 
      $username = stripslashes($username);  
      // check if usernames exists   
      $sql = "SELECT Login_Name FROM memberdirectory WHERE Login_Name = '$username ' ";  
      if ($result = mysqli_query($pdo,$sql)) {   
      $row = mysqli_num_rows($result);    
      // if yes, fetch the encrypted password  
      if ($row == 1) {     
      $sql = "SELECT Password FROM memberdirectory WHERE Login_Name = '$username' ";  
      // encrypt the password entered into the form   
      // test it against the encrypted password stored in the database   
      // if the two match, the password is correct 
      if ($result = mysqli_query($pdo,$sql)) {  
      $row = mysqli_fetch_array($result);  
      $salt = $row[0];   
      if (password_verify($password,$salt)) 
      {    
      // password correct 
      // start a new session  
      // save the username to the session 
      // if required, set a cookie with the username   
      // redirect the browser to the main application page 
      session_start();          
      $_SESSION['username'] = $username;  
      if ($_POST['sticky']) {    
      setcookie('name', $_POST['username'], mktime()+86400);   
      }         
      header('Location: main.php');         
      } 
      else
      {           echo 'You entered an incorrect password.'; 
      echo strlen($salt);
      var_dump(password_verify('$password',$salt));
      var_dump($salt);
      }      
      }
      else { 
      die("ERROR: Could not execute $sql (" .$pdo->errno.")".$pdo->error);      
      }     
      } else { 
      echo 'You entered an incorrect username.';    
      }   
      } else { 
      die( "ERROR: Could not execute $sql (" .$pdo->errno.")".$pdo->error); 
      }  
      // close connection  
      unset($pdo); } 
      ?>
4

1 回答 1

1

password_verify根据哈希检查密码。要获取看起来会保存到数据库中的哈希,您可以使用password_hash. 这甚至在password_verify php.net 手册页中都有说明。请重新检查您的哈希。

我知道的唯一password功能是主要用于 MySQL 身份验证的 MySQL。如果您使用的是自定义函数password,则必须重新发送输入的密码和加盐,或对哈希进行反向工程。

于 2014-08-12T23:03:58.667 回答