Php JWT decode()必须是数组错误类型
这里我有一些很瘦的PHP代码,它是登录的,还有一个函数来检查它是否解码存储在头中的JWTPhp JWT decode()必须是数组错误类型,php,jwt,slim,Php,Jwt,Slim,这里我有一些很瘦的PHP代码,它是登录的,还有一个函数来检查它是否解码存储在头中的JWT $app->post('/login', function ($request, $response) { $input = $request->getParsedBody(); $settings = $this->get('settings'); // get settings array. $sql = "SELECT id, password FROM users WHERE i
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify user id
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
$payload = array(
"iat" => time(),
"exp" => time() + 36000,
// "id" => $input['id']
"context" => [
"user" => [
"id" => $input['id']
]
]
);
try {
$token = JWT::encode($payload, $settings['jwt']['secret'],"HS256"); // $token store the token of the user
} catch (Exception $e) {
echo json_encode($e);
}
return $this->response->withJson($payload,200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200)
->withAddedHeader('Authorization', $token);
});
$app->get('/get', function ($request, $response) {
$jwt = $request->getHeader("Authorization");
$settings = $this->get('settings');
$token = JWT::decode($jwt, $settings['jwt']['secret'], "HS256"); // $token store the token of the user
if ($token) {
return $this->response->withJson($token, 200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200);
}
return $this->response->withJson($token,401)
->withHeader('Content-type', 'application/json;charset=utf-8', 401);
});
但是当我尝试运行它时,它返回一个错误
传递给Firebase\JWT\JWT::decode()的参数3必须是数组类型
为什么会发生这种情况?我如何修复它?请尝试按照错误所述进行操作:
$token = JWT::decode($jwt, $settings['jwt']['secret'], ["HS256"]);
您可以看到使用的示例,尝试按照错误所述操作:
$token = JWT::decode($jwt, $settings['jwt']['secret'], ["HS256"]);
您可以看到使用的示例,如果我在同一个函数中解码,它将返回已解码的JWT,但如果我在其他函数中解码,它将返回错误。如何将jwt传递给其他函数
$app->post('/login', function ($request, $response) {
$key = "supersecretkeyyoushouldnotcommittogithub";
$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify user id
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
$payload = array(
"iat" => time(),
"exp" => time() + 36000,
// "id" => $input['id']
"context" => [
"user" => [
"id" => $input['id']
]
]
);
try {
$token = JWT::encode($payload, $key); // $token store the token of the user
} catch (Exception $e) {
echo json_encode($e);
}
// return $this->response->withJson($payload,200)
// ->withHeader('Content-type', 'application/json;charset=utf-8', 200)
// ->withHeader('Authorization', $token);
$decoded = JWT::decode($token, $key, array('HS256'));
print_r($decoded);
});
如果我在同一个函数中解码,它将返回已解码的JWT,但如果我在其他函数中解码,它将返回一个错误。如何将jwt传递给其他函数
$app->post('/login', function ($request, $response) {
$key = "supersecretkeyyoushouldnotcommittogithub";
$input = $request->getParsedBody();
$settings = $this->get('settings'); // get settings array.
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify user id
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
$payload = array(
"iat" => time(),
"exp" => time() + 36000,
// "id" => $input['id']
"context" => [
"user" => [
"id" => $input['id']
]
]
);
try {
$token = JWT::encode($payload, $key); // $token store the token of the user
} catch (Exception $e) {
echo json_encode($e);
}
// return $this->response->withJson($payload,200)
// ->withHeader('Content-type', 'application/json;charset=utf-8', 200)
// ->withHeader('Authorization', $token);
$decoded = JWT::decode($token, $key, array('HS256'));
print_r($decoded);
});
警告
strcmp($input['password',$user->password)
表明您没有正确地散列密码。在处理密码时,应始终使用和。永远不要将它们存储为纯文本或使用任何自建的哈希算法。是的,我知道,我不是为了生产而做的。稍后将实现安全性。谢谢,打印什么($settings)代码>显示?尝试调试itit这是我的jwt设置,包含密钥,请参阅我的新注释警告strcmp($input['password',$user->password)
表明您没有正确地散列密码。在处理密码时,应始终使用和。永远不要将它们存储为纯文本或使用任何自建的哈希算法。是的,我知道,我不是为了生产而做的。稍后将实现安全性。谢谢,打印什么($settings)代码>显示?试着调试它是我的jwt设置,包含密钥,看到我的新注释仍然是相同的错误,顺便说一句,这是错误的一部分,它确实说了一些类似Firebase\jwt\jwt::decode(数组,'supersecretkeyy…',Array)的代码。但是对于我的代码,它是说Firebase\JWT\JWT::decode(数组,'supersecretkeyy…','HS256“),关键错误是段数错误
,您的令牌不是有效的JWT,请打印您传递到decode
函数的内容如果这有助于解决问题,请接受最佳答案;)还是同样的错误,顺便说一句,这是错误的一部分,它确实说了一些类似Firebase\JWT\JWT::decode(数组,'supersecretkeyy…',数组)的代码。但是对于我的代码,它是说Firebase\JWT\JWT::decode(数组,'supersecretkeyy…','HS256“),关键错误是段数错误
,您的令牌不是有效的JWT,请打印您传递到decode
函数的内容如果这有助于解决问题,请接受最佳答案;)正如我所写的,当您执行请求时,您的令牌无效,请在$jwt=$request->getHeader(“授权”)之后打印$jwt
变量代码>行。请编辑您的问题,不要发布更新后的问题作为答案。是的,我的jwt是空的。@pr1nc3好的,很抱歉对Stack来说是新的。正如我所写的,您的令牌在执行请求时无效,请在$jwt=$request->getHeader(“授权”)之后打印$jwt
变量代码>行。请编辑您的问题,不要发布更新后的问题作为答案。是的,我的jwt是空的。@pr1nc3好的,对不起,这是一个新问题