Php 密码\u验证返回错误的帐户详细信息
My password_verify()总是提供错误的帐户详细信息,但这些详细信息是正确的。 我的片段:Php 密码\u验证返回错误的帐户详细信息,php,sql,security,passwords,Php,Sql,Security,Passwords,My password_verify()总是提供错误的帐户详细信息,但这些详细信息是正确的。 我的片段: include('Application/Bootstrap.php'); if(isset($_SESSION['username'])) { header('location: '.$config['website']['url'].'/me'); // Use this if the user HAS to login. } if (isset($_P
include('Application/Bootstrap.php');
if(isset($_SESSION['username'])) {
header('location: '.$config['website']['url'].'/me'); // Use this if the user HAS to login.
}
if (isset($_POST['submit'])) {
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
if (!$_POST['username'] || !$_POST['password']) {
echo 'Je moet een gebruikersnaam en wachtwoord invullen om in te loggen.';
}
else {
$check = $db->query("SELECT * FROM users WHERE username = '".$username."' and password = '".$password."'");
$row=mysqli_fetch_assoc($check);
if (password_verify($password, $row['password'])) { //I try $password AND $_POST['password']
$_SESSION['username'] = $_POST['username'];
header("Location: /me");
exit;
}
else {
// ALS HET NIET KLOPT!!!!
echo 'Je gegevens kloppen niet.'; }
}
}
$db->query("INSERT INTO users
(username,password,mail,auth_ticket,motto,ip_reg)
VALUES ('$username', '".password_hash($pw, PASSWORD_BCRYPT, $options)."', '$mail', '$ticket', '$motto', '$ip')") or die($db->error);
我希望有人能帮助我。您在SQL查询中第一次检查密码时,检查了两次密码:
$check = $db->query("SELECT * FROM users WHERE username = '".$username."' and password = '".$password."'");
|< remove this part >|
您正在存储散列密码,但请尝试将列
和password='“$password.”$check=$db->query(“从username='“$username.”的用户中选择密码);v的内容ar_dump($row)错误报告(E_ALL);$row$\u POST['password']$stmt = $db->prepare('SELECT * FROM users WHERE username = ?');
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
...
if (password_verify($_POST['password'], $row['password']))
{
...
}
$result->close();