phpass CheckPassword函数在尝试登录时始终返回false。新手问题
一直试图在论坛和stack的问题中找到解决方案,但没有结果,所以你是我最后的希望。我使用phpass进行密码加密,注册脚本工作正常,但当我尝试登录并使用CheckPassword函数时,它总是返回false。我正在添加我的两个php脚本: 注册:phpass CheckPassword函数在尝试登录时始终返回false。新手问题,php,mysql,login,passwords,phpass,Php,Mysql,Login,Passwords,Phpass,一直试图在论坛和stack的问题中找到解决方案,但没有结果,所以你是我最后的希望。我使用phpass进行密码加密,注册脚本工作正常,但当我尝试登录并使用CheckPassword函数时,它总是返回false。我正在添加我的两个php脚本: 注册: <?php require 'phpass-0.3/PasswordHash.php'; require 'config.php'; $email = $_POST['email']; $confirmed_email = $_PO
<?php
require 'phpass-0.3/PasswordHash.php';
require 'config.php';
$email = $_POST['email'];
$confirmed_email = $_POST['confirmed_email'];
$username = $_POST['username'];
$password = $_POST['password'];
if ($_SERVER['REQUEST_METHOD'] === "POST") {
if(!preg_match("^[a-z0-9,!#\$%&'\*\+/=\?\^_`\{\|}~-]+(\.[a-z0-9,!#\$%&'\*\+/=\?\^_`\{\|}~-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.([a-z]{2,})$^", $email))
{
$errors[] = "Incorrect email format.";
}
if (($email)!==($confirmed_email))
{
$errors[] = "Emails do not match";
}
if ((strlen($username) < 5) || (!ctype_alnum($username)))
{
$errors[] = "Username must be min 6 signs and only include 0-9, A-Z characters.";
}
if ((strlen($password) < 7) || (!ctype_alnum($password)))
{
$errors[] = "Password must be min 8 signs and only include 0-9, A-Z characters.";
}
$stmt = $db->prepare('SELECT * FROM users WHERE username = ? LIMIT 1');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows == 1)
{
$errors[] = "Username is taken.";
}
else if (!count($errors)) {
$hasher = new PasswordHash(8, false);
$hash = $hasher->HashPassword($password);
if (strlen($hash) >= 20) {
$stmt = $db->prepare('insert into users (username, email, password) values (?, ?, ?)');
$stmt->bind_param('sss', $username, $email, $hash);
$stmt->execute();
$stmt->close();
$db->close();
}
}
Foreach($errors as $v) print "$v <br/>";
}
?>
<?php
include 'config.php';
require 'phpass-0.3/PasswordHash.php';
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$stmt = $db->prepare("SELECT id, username, password FROM users WHERE email = ? LIMIT 1");
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($user_id, $username, $hash);
$stmt->fetch();
$stored_hash = $hash;
$hasher = new PasswordHash(8, false);
$check = $hasher->CheckPassword($password, $stored_hash);
if ($check) {
echo"Logged IN";
} else {
echo "SOMETHING'S WRONG";
}
}
?>
确保哈希密码为60个字符,否则将返回false。
我也有同样的问题,注意到我的第一个哈希密码是61个字符。TL;博士,试着让你的问题更简洁。如果我们需要更多,我们会问。什么是var_dump($hasher->CheckPassword($password,$stored_hash))输出?似乎没有为您的$check
变量分配任何内容。@AmalMurali yap,bool(false)那么CheckPassword函数有问题吗?@user2699508-我也会使用参数$password
和$stored\u hash
进行变量转储,或者更好地安装调试器,它将在将来帮助你很多次。CheckPassword()不太可能不起作用,但$stored_散列通常与您存储的不一样,因为数据库字段太小,无法容纳整个字符串。检查您存储的$stored\u散列,它在数据库中的外观,以及您如何从数据库中获取它。