password_verify() 不工作
password_verify() not working
//index.php
<html>
<head>
<!--utf html5 declareren-->
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" type="text/css" href="cssreset.css">
</head>
<body>
<form action="login.php" method="POST">
username: <input type="text" name="usernamebox" required> <br>
password: <input type="password" name="passwordboxlogin" required> <br>
<input type="submit" value="Login">
</form>
<form action="register.php">
<input type="submit" value="Click here if you want to register">
</form>
</body>
</html>
//login.php
<?php
session_start();
error_reporting(E_ALL);
include ('connect.php');
$username = $_POST['usernamebox'];
$password = $_POST['passwordboxlogin'];
$_SESSION['usernamebox'] = $username;
//$db->query("SELECT * FROM `users` WHERE `username` = '$username'");
//
//$db->query("SELECT * FROM `users` WHERE `password` = '$password'");
//nieuw
$hash = "SELECT password FROM users WHERE username= '$username' ";
if (password_verify($password, $hash))
{
echo 'Password is valid!';
//header("Location: userpage.php");
}
else
{
echo 'Invalid password.';
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
我是一名 IT 学生,我似乎无法使用此 password_verify() 功能。
我基本上是在尝试将 mysqli 中的密码哈希与 login.php 中 POST 表单中给出的密码进行比较。密码已正确散列到我的数据库中。
你对功能的理解是错误的。您需要输入密码和散列密码,然后比较两者。你想要这样的东西:
$hash = 'y$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
因此,首先您必须查询数据库并获取散列密码,然后进行比较。在您的示例中,您正在散列实际查询字符串本身。
//index.php
<html>
<head>
<!--utf html5 declareren-->
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" type="text/css" href="cssreset.css">
</head>
<body>
<form action="login.php" method="POST">
username: <input type="text" name="usernamebox" required> <br>
password: <input type="password" name="passwordboxlogin" required> <br>
<input type="submit" value="Login">
</form>
<form action="register.php">
<input type="submit" value="Click here if you want to register">
</form>
</body>
</html>
//login.php
<?php
session_start();
error_reporting(E_ALL);
include ('connect.php');
$username = $_POST['usernamebox'];
$password = $_POST['passwordboxlogin'];
$_SESSION['usernamebox'] = $username;
//$db->query("SELECT * FROM `users` WHERE `username` = '$username'");
//
//$db->query("SELECT * FROM `users` WHERE `password` = '$password'");
//nieuw
$hash = "SELECT password FROM users WHERE username= '$username' ";
if (password_verify($password, $hash))
{
echo 'Password is valid!';
//header("Location: userpage.php");
}
else
{
echo 'Invalid password.';
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
我是一名 IT 学生,我似乎无法使用此 password_verify() 功能。
我基本上是在尝试将 mysqli 中的密码哈希与 login.php 中 POST 表单中给出的密码进行比较。密码已正确散列到我的数据库中。
你对功能的理解是错误的。您需要输入密码和散列密码,然后比较两者。你想要这样的东西:
$hash = 'y$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
因此,首先您必须查询数据库并获取散列密码,然后进行比较。在您的示例中,您正在散列实际查询字符串本身。