Php 无法使用准备好的语句从数据库中提取密码哈希
编辑:为了澄清,我无法使用准备好的语句从数据库中提取哈希密码 我正在尝试创建一个登录系统,它使用准备好的语句、密码散列和密码验证 我已经创建了创建用户的注册表单,使用password\u hash$\u POST['password'],password\u DEFAULT使用哈希密码 这工作正常 然而,我现在仍然停留在创建登录表单上 我试图获取用户注册时存储的密码散列,但我无法使其与准备好的语句一起工作 这就是我现在拥有的Php 无法使用准备好的语句从数据库中提取密码哈希,php,mysql,prepared-statement,Php,Mysql,Prepared Statement,编辑:为了澄清,我无法使用准备好的语句从数据库中提取哈希密码 我正在尝试创建一个登录系统,它使用准备好的语句、密码散列和密码验证 我已经创建了创建用户的注册表单,使用password\u hash$\u POST['password'],password\u DEFAULT使用哈希密码 这工作正常 然而,我现在仍然停留在创建登录表单上 我试图获取用户注册时存储的密码散列,但我无法使其与准备好的语句一起工作 这就是我现在拥有的 <?php require('db.php'); if(iss
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
}
}
?>
它只存储用户名,但不存储密码哈希,我不知道为什么
验证密码将使用此选项?
密码\u验证$password,$hash
更新
阅读以下内容。尝试以下内容:
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
// Get query results
$stmt->bind_result($user_name,$hash);
$stmt->store_result();
// Fetch the query results in a row
$stmt->fetch();
// Verify user's password $password being input and $hash being the stored hash
if(password_verify($password, $hash)) {
// Password is correct
} else {
// Password is incorrect
}
}
}
?>
那么,你真正的问题是,为什么你的查询不起作用,而且与密码验证完全无关?@Sammitch这是主要问题,对吧。我以前几乎没有使用过这些函数,所以我不确定是否正确使用了它们。您是否进行了某种提取以实际获取结果行anywhere@RiggsFolly那么我是否需要使用类似于$row=$result->fetch的东西呢?如果其他方法都失败了,你可以阅读手册,从页面开始,这里有一个有用的例子
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
// Get query results
$result = $stmt->get_result();
// Fetch the query results in a row
while($row = $result->fetch_assoc()) {
$hash = $row['user_password'];
$username = $row['user_name'];
}
// Verify user's password $password being input and $hash being the stored hash
if(password_verify($password, $hash)) {
// Password is correct
} else {
// Password is incorrect
}
}
}
?>
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
// Get query results
$stmt->bind_result($user_name,$hash);
$stmt->store_result();
// Fetch the query results in a row
$stmt->fetch();
// Verify user's password $password being input and $hash being the stored hash
if(password_verify($password, $hash)) {
// Password is correct
} else {
// Password is incorrect
}
}
}
?>
$stmt = mysqli_prepare($link,"SELECT user_email,user_password,user_firstname,user_lastname,user_role,username FROM users WHERE user_email=?");
mysqli_stmt_bind_param($stmt,"s",$email);
mysqli_stmt_execute($stmt);
confirmQuery($stmt);
mysqli_stmt_bind_result($stmt,$user_email,$user_password,$user_firstname,$user_lastname,$user_role,$username);
mysqli_stmt_store_result($stmt);
mysqli_stmt_fetch($stmt);
if(mysqli_stmt_num_rows($stmt) == 0)
relocate("../index.php?auth_error=l1");
else{
if(password_verify($password,$user_password)){
$_SESSION['userid'] = $user_email;
$_SESSION['username'] = $username;
$_SESSION['firstname'] = $user_firstname;
$_SESSION['lastname'] = $user_lastname;
$_SESSION['role'] = $user_role;
if(isset($_POST['stay-logged-in']))
setcookie("userid", $email, time() + (86400 * 30), "/");
relocate("../index.php?auth_success=1");
}else
relocate("../index.php?auth_error=l2");
}
mysqli_stmt_close($stmt);