更改密码后password_hash无法登录,我可以使用注册时创建的密码登录,但更改后无法登录。我错过了什么?
// change password
public function update_user_passwd($user_id,$user_passwd) {
$passwd = password_hash($user_passwd, PASSWORD_DEFAULT);
$update_passwd = $this->_db->prepare('UPDATE `users` SET `user_pass`= ? WHERE `user_id` = ?');
$update_passwd->bindValue(1,$passwd, PDO::PARAM_STR);
$update_passwd->bindValue(2,$user_id, PDO::PARAM_INT);
try {
$update_passwd->execute();
return 1;
} catch (PDOException $exc) {
return 0;
}
}
//login
public function login($user_email, $user_passwd) {
//login the user to the system.
try {
$stmt = $this->_db->prepare("SELECT * FROM `users` WHERE `user_email` = :umail");
$stmt->execute(array(':umail' => $user_email));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
$hash = $userRow['user_pass'];
$user_status = $userRow['user_status'];
$user_id = $userRow['user_id'];
if ($stmt->rowCount() > 0) {
return $this->login_user($user_passwd, $hash, $user_status, $user_id);
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
private function login_user($user_passwd, $hash, $user_status, $user_id, $remember_me) {
if (password_verify($user_passwd, $hash) && $user_status === 'active') {
$_SESSION['web_user'] = $user_id;
return TRUE;
} else {
return FALSE;
}
}
我的密码列是 255 个字符长。