Php 密码散列
我已经开始使用密码\u hash()进行密码哈希。我遇到的问题是,当我使用password_verify()检查输入值是否与数据库中存储的哈希密码匹配时,每次它都返回falsePhp 密码散列,php,hash,Php,Hash,我已经开始使用密码\u hash()进行密码哈希。我遇到的问题是,当我使用password_verify()检查输入值是否与数据库中存储的哈希密码匹配时,每次它都返回false $password = "test"; $query = "SELECT password FROM user WHERE password = :pass "; $statement = $connection->prepare($query); $statement->bindParam
$password = "test";
$query = "SELECT password FROM user WHERE password = :pass ";
$statement = $connection->prepare($query);
$statement->bindParam(":pass", $password);
$statement->execute();
if(password_verify($password, $row['password'])){
echo "Password Valid";
}
else {
echo "Invalid Password";
}
但是,例如,如果我从数据库复制一个散列密码值,并将其放在$row['password']的位置,当我测试代码时,它会返回true
if(password_verify($password, '$2y$10$kc09i9YSP.ExmUquMqRnf......')){
echo "Password Valid";
}
请提供帮助。替换:
与:
请使用Joel Hinz的答案第一个问题是您试图使用SQL查找哈希密码。标准过程是找到具有给定用户名的用户,并获取该用户的密码,以便进行验证 您的另一个问题是调用
$row['password']
,但您尚未在代码中实际设置它。首先获取行,然后可以验证密码
像这样的方法应该会奏效:
$username = "test";
$query = "SELECT password FROM user WHERE username = :username ";
$statement = $connection->prepare($query);
$statement->bindParam(":username", $username);
$statement->execute();
$row = $statement->fetch();
if(password_verify($password, $row['password'])){
echo "Password Valid";
}
else {
echo "Invalid Password";
}
查看下面的链接,谢谢
选择password=:password
-真的吗?我很高兴它能帮上忙!:)
$statement->bindParam(":pass", password_hash($password, PASSWORD_DEFAULT));
$username = "test";
$query = "SELECT password FROM user WHERE username = :username ";
$statement = $connection->prepare($query);
$statement->bindParam(":username", $username);
$statement->execute();
$row = $statement->fetch();
if(password_verify($password, $row['password'])){
echo "Password Valid";
}
else {
echo "Invalid Password";
}