Php 密码\u verify()不用于数据库
我的注册页面是Php 密码\u verify()不用于数据库,php,Php,我的注册页面是 <?php require 'core.inc.php'; include 'connect.inc.php'; if (!loggedin()) { if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['user_name']) && is
<?php
require 'core.inc.php';
include 'connect.inc.php';
if (!loggedin()) {
if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['user_name']) && isset($_POST['password']) && isset($_POST['retype_password'])) {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$username = $_POST['user_name'];
$password = $_POST['password'];
$retype_password = $_POST['retype_password'];
$password_hash = password_hash($password, PASSWORD_DEFAULT);
if (!empty($first_name) && !empty($last_name) && !empty($username) && !empty($password) && !empty($retype_password)) {
if ($password!=$retype_password) {
echo 'Password does not matched';
} else {
$select_user_query = "SELECT `user_name` FROM `company_login` WHERE `user_name` = '$username'";
$run_user_query = mysqli_query($db_connect,$select_user_query);
if (mysqli_num_rows($run_user_query)==NULL) {
$insert_new_userinfo = "INSERT INTO`company_login`(`user_name`, `password`, `first_name`, `last_name`) VALUES ('".mysqli_real_escape_string($db_connect,$username)."','".mysqli_real_escape_string($db_connect,$password_hash)."','".mysqli_real_escape_string($db_connect,$first_name)."','".mysqli_real_escape_string($db_connect,$last_name)."')";
if ($insert_run = mysqli_query($db_connect,$insert_new_userinfo)) {
header('Location: signup_success.php');
} else {
echo 'Sorry, we couldn\'t register you at this time. Please try again later.';
}
} else {
echo 'The username '.$username.' already exists';
}
}
} else {
echo 'All fields are required.';
}
}
?>
<form action="register.php" method="post">
First Name : <br/><input type="text" name="first_name" value="<?php echo @$first_name ?>"><br/><br/>
Last Name : <br/><input type="text" name="last_name" value="<?php echo @$last_name?>"><br/><br/>
Username : <br/><input type="text" name="user_name" value="<?php echo @$username?>"><br/><br/>
Password : <br/><input type="password" name="password"><br/><br/>
Re-type Password : <br/><input type="password" name="retype_password"><br/> <br/>
<input type="Submit" value="Register">
</form>
<?php
} elseif (loggedin()) {
echo "You're already registered and logged in";
}
?>
名字:
密码\u验证
返回布尔值
如果登录无效,则回显假值将不会打印任何内容。您是否可以发布密码\u验证
以检查功能!在将密码存储到数据库之前,您是否对密码使用了password\u hash
函数?从password\u verify函数返回值它可能不会返回任何内容是的,在将密码存储到数据库之前,我使用了password\u hash函数db@MohamedNizar$2y$10$69xr9jo3qSgMz7x49mm5p./u/7rZ6ieb7/jU/7S0kdWt9xzrjsB8q这是哈希值什么他们能不能让它打印一些东西?就像他们对你说的:1。检查是否存储了哈希密码。您可以这样验证:如果(!password\u verify($password$user\u password\u result))回显“失败”@正如你所说,如果(!password_verify($password,$user_password_result))回显“失败”,那么Giovanni Battista Lenoci就可以了;我已经做了,它返回失败。你能告诉我失败是什么意思吗?字符串本身没有任何意义。当登录失败时,它会发出回声,我只是简单地使用了下面您认为对您有意义的代码。
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$select_pass_query = "SELECT `password` FROM `company_login` WHERE `user_name` = '".mysqli_real_escape_string($db_connect,$username)."'";
if ($select_pass_query_run = mysqli_query($db_connect,$select_pass_query)) {
// echo "suceessfully find the password";
$pass_num_row = mysqli_num_rows($select_pass_query_run);
if ($pass_num_row==NULL) {
echo "Invalid username/password combination";
} else if ($pass_num_row==1) {
$user_password = mysqli_fetch_row($select_pass_query_run);
$user_password_result = $user_password[0];
echo $user_password_result . "<br/>";
echo $pass_verify = password_verify($password, $user_password_result);
} else {
echo 'failed';
}
} else {
echo 'cannot find the password';
}