Fatal编程技术网
  • php/
  • php密码\u哈希和密码\u验证失败

php密码\u哈希和密码\u验证失败

php

php密码\u哈希和密码\u验证失败,php,Php,基本问题,但我一直失败。已经检查过类似的主题,但没有接近解决方案,所以请不要重定向我,只指出我缺少的内容。多谢各位 <?php $hashed_password = ""; $con = mysqli_connect("localhost", "root", "", "testTable"); if (isset($_POST["reg_button"])){ $password = ($_POST["reg_password"]); $hashed_password = pas

基本问题,但我一直失败。已经检查过类似的主题,但没有接近解决方案,所以请不要重定向我,只指出我缺少的内容。多谢各位

<?php 

$hashed_password = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

$password = ($_POST["reg_password"]);

$hashed_password = password_hash($password, PASSWORD_DEFAULT);

$query = mysqli_query($con, "INSERT INTO user VALUES('', '$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>
但我不知道如何修复它

任何帮助都会很好。谢谢大家!

更新代码:

register.php:

<?php 

$hashed_password = "";
$name = "";
$con = mysqli_connect("localhost", "root", "", "testTable");

if (isset($_POST["reg_button"])){

    $password = ($_POST["reg_password"]);
    $name = ($_POST["reg_name"]);

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    $query = mysqli_query($con, "INSERT INTO user VALUES('', '$name','$hashed_password')");

}
?>

<!DOCTYPE html>
<html>
<head>
    <title>register</title>
</head>
<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_name" placeholder="Name">
        <br><br>
        <input type="password" name="reg_password" placeholder="Password">
        <br><br>
        <input type="submit" name="reg_button" value="Register">
    </form>
    <br>
    <form action="login.php" method="POST">
        <input type="text" name="login_name" placeholder="Name">
        <br><br>
        <input type="password" name="login_password" placeholder="Password">
        <br><br>
        <input type="submit" name="login_button" value="Login">
    </form>
</body>
</html>
login.php:

<?php

include "register.php";

$con = mysqli_connect("localhost", "root", "", "testTable");

if(isset($_POST["login_button"])){

    $name = $_POST['login_name'];
    $password = $_POST['login_password'];

    $checkDB = mysqli_query($con, "SELECT * FROM user WHERE name = '$name'");

    $passwordField = null;

    while($getRow = mysqli_num_rows($checkDB)){
        $passwordField = $getRow['password']; // Get hashed password
    }

    if(password_verify($password, $passwordField)){
        echo('Correct');
    }else{
        echo('Wrong');
    }
}
?>
下面是从哪里获得$hashed_密码的?即使包含register.php,它也不会做任何事情,因为这些值没有设置

$password = password_verify($_POST["login_password"], $hashed_password);
您首先需要从数据库中获取它

其次,password\u verify返回true或false,因此即使设置了$hashed\u password,$password也将是一个布尔值。

您可以通过while循环和mysqli\u fetch\u数组执行此操作。这一定能解决你的问题。:[更新]

<?php

$con = mysqli_connect("localhost", "root", "", "testtable");

if(isset($_POST["login_button"])){

    // $password = password_verify($_POST["login_password"], $hashed_password);
    $password = $_POST['password'];
    $checkDB = mysqli_query($con, "SELECT * FROM user");

    while($getRow = mysqli_fetch_array($checkDB)){
        $passwordRow = $getRow['password'];
    }

    if(password_verify($password, $passwordRow) === TRUE){
        echo('Welcome');
    }else{
    echo('Wrong credentials');
    }
}
?>
我以为$hashed_password在包含register.php时会得到它的值,就像我做的那样。不是吗?那么我应该如何给它赋值呢?@idontgetit您不能同时登录和注册。请从db:SELECT pass\u列中获取哈希值,其中username=…感谢您提供的详细答案。尝试使用您的代码,注册工作正常,但当涉及到登录时,我会遇到以下问题:致命错误:在第16行的C:\xampp\htdocs\test\login.php中超过了30秒的最大执行时间。很明显,“while”会让你的表单中只有一个字段密码吗?不,我也添加了一个“name”字段,请查看上面的更新代码请查看更新的答案。它只有一个字段密码。谢谢你的更新和时间,John。现在,它正在按预期工作。 
$password = password_verify($_POST["login_password"], $hashed_password);

<?php

$con = mysqli_connect("localhost", "root", "", "testtable");

if(isset($_POST["login_button"])){

    // $password = password_verify($_POST["login_password"], $hashed_password);
    $password = $_POST['password'];
    $checkDB = mysqli_query($con, "SELECT * FROM user");

    while($getRow = mysqli_fetch_array($checkDB)){
        $passwordRow = $getRow['password'];
    }

    if(password_verify($password, $passwordRow) === TRUE){
        echo('Welcome');
    }else{
    echo('Wrong credentials');
    }
}
?>