PHP pasword_验证总是说密码有效,除非列为空
我不能100%确定我是否正确使用了PHP密码验证,因为它总是说从表单中输入的密码是有效的。我认为我的代码部分存在问题:PHP pasword_验证总是说密码有效,除非列为空,php,html,mysql,password-hash,Php,Html,Mysql,Password Hash,我不能100%确定我是否正确使用了PHP密码验证,因为它总是说从表单中输入的密码是有效的。我认为我的代码部分存在问题: include('../connection/conn.php'); $stmt = $conn->prepare("SELECT * FROM users WHERE email=?"); $stmt->bind_param("s", $email); $stmt->execute();
include('../connection/conn.php');
$stmt = $conn->prepare("SELECT * FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$count = $stmt->num_rows;
//password hasing
if ($count == 1)
{
while ($stmt->fetch()) {
if (password_verify($password, $db_password))
{
echo "Sucess";
}
}
}
<?php
global $conn;
$server = "localhost";
$user = "root";
$password = "";
$db = "loginV2";
$conn = mysqli_connect($server, $user, $password, $db);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "<p id='connection'>True</p>";
}
?>
登录
我刚刚在自己的数据库中测试了一些内容,发现以下内容适用于我的数据库表:
$conn = mysqli_connect(...blah blah blah);
$email = "my_email_here";
$stmt = $conn->prepare("SELECT email, password FROM my_table_here WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($one, $two);
while ($stmt->fetch()) {
var_dump($one); // my email from database
var_dump($two); // my hashed password from database (looks something like $2y$10$VmfW7/b1t4SVxi7wlxjZmu8...)
}
不确定除了您的问题中的sql查询之外,这里会有什么不同
编辑
您可以尝试的是:
$password = 'testing';
$hashed = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($password, $hashed) {
echo "password verified";
} else {
echo "not verified";
}
将while
语句替换为上述代码,然后查看返回的内容找到错误。6小时的var_转储,问题出在conn.php中
include('../connection/conn.php');
//Duplicate Check
$stmt = $conn->prepare("SELECT email, password FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$stmt->fetch();
在验证密码之前,我们使用conn.php连接数据库。这包括my database password,其变量名作为用户输入密码:
<?php
global $conn;
$server = "localhost";
$user = "root";
// $password is set to nothing
$password = "";
$db = "loginV2";
$conn = mysqli_connect($server, $user, $password, $db);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "<p id='connection'>True</p>";
}
?>
您似乎缺少一些我们确定此问题所需的代码。例如,$password
和$db\u password
来自哪里?$db\u password来自mysqli::bind\u result()。但是,他们正在使用SELECT*。可能第二个字段本身没有密码存储数据库密码时,您是否在使用密码\u散列
函数?您好,很抱歉造成混淆。我现在用所有必要的代码编辑这个问题。我根据您的代码重新编写了代码,var_dump和echo都正确地输出了散列密码。但是,如果我输入了错误的密码,仍然会成功。现在非常沮丧,不确定是否有小问题,或者我编写密码验证
函数的方式不正确。密码验证
使用正确,只需要有正确的值。您是使用密码\u散列($password,password\u BCRYPT)
还是类似的方法来生成密码?我的散列密码看起来像$2y$10$VmfW7/b1t4SVxi7wlxjZmu…
我使用的散列是$hash=password\u散列($password,password\u DEFAULT)密码哈希和密码验证发生在不同的页面上。只是想知道这是否有什么不同。我不认为有,但我对密码验证还是新手。当遇到这种问题时,我通常会进行一些调试。例如,在password_verify()调用之前的一行,我将显示这两个变量的值。确保进入函数的数据是您认为的数据。如果没有,请反向查找错误。祝你好运
include('../connection/conn.php');
//Duplicate Check
$stmt = $conn->prepare("SELECT email, password FROM users WHERE email=?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($db_email, $db_password);
$stmt->fetch();
<?php
global $conn;
$server = "localhost";
$user = "root";
// $password is set to nothing
$password = "";
$db = "loginV2";
$conn = mysqli_connect($server, $user, $password, $db);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
echo "<p id='connection'>True</p>";
}
?>