PHP 密码加密失败,在数据库中以明文形式显示
PHP password is failing to encrypt and shows in clear text inside database
我不知道这是怎么发生的,因为我的登录密码之前工作得很好,现在我发现它在 phpmyadmin 中以明文形式显示密码。我什么都没碰,所以我不知道现在该怎么做。
我不确定错误出在哪里,但我已经添加了我的 register.php 页面并删除了大部分代码 我知道这不是问题所以主要是我写密码代码:
<?php
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);
$password = strip_tags($password);
$password2 = trim($_POST['password2']);
$password2 = strip_tags($password2);
if (empty($password)){
$error = true;
$_SESSION['message'] = "Please enter password.";
header("location: error.php");
} else if(strlen($password) < 6) {
$error = true;
$_SESSION['message'] = "Password must have atleast 6 characters.";
header("location: error.php");
} else if ($password != $password2) {
$error = true;
$_SESSION['message'] = "Please check if both password fields match.";
header("location: error.php");
} else if ($password == $user_name && $password2 == $user_name) {
$error = true;
$_SESSION['message'] = "Please check that your
password is not the same as username.";
header("location: error.php");
}
if( !$error ) {
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'")
or die($mysqli->error());
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");
}
else {
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password', '$hash')";
这是我的 login.php 页面,这是我收到的实际错误,说我的密码不正确:
<?php
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else {
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['user_name'] = $user['user_name'];
$_SESSION['active'] = $user['active'];
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
您正在重置 $password 变量
<?php
//Change this to $password_encrypted
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);//This is overriding the above $password
$password = strip_tags($password);
尝试将第一个 $password 更改为类似 $password_encrypted 的内容,然后在 SQL 语句中使用它
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password_encrypted', '$hash')";
此外,我没有注意到在您提供的代码中设置了 $hash 变量,我假设这是在其他地方设置的?
我不知道这是怎么发生的,因为我的登录密码之前工作得很好,现在我发现它在 phpmyadmin 中以明文形式显示密码。我什么都没碰,所以我不知道现在该怎么做。
我不确定错误出在哪里,但我已经添加了我的 register.php 页面并删除了大部分代码 我知道这不是问题所以主要是我写密码代码:
<?php
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);
$password = strip_tags($password);
$password2 = trim($_POST['password2']);
$password2 = strip_tags($password2);
if (empty($password)){
$error = true;
$_SESSION['message'] = "Please enter password.";
header("location: error.php");
} else if(strlen($password) < 6) {
$error = true;
$_SESSION['message'] = "Password must have atleast 6 characters.";
header("location: error.php");
} else if ($password != $password2) {
$error = true;
$_SESSION['message'] = "Please check if both password fields match.";
header("location: error.php");
} else if ($password == $user_name && $password2 == $user_name) {
$error = true;
$_SESSION['message'] = "Please check that your
password is not the same as username.";
header("location: error.php");
}
if( !$error ) {
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'")
or die($mysqli->error());
if ( $result->num_rows > 0 ) {
$_SESSION['message'] = 'User with this email already exists!';
header("location: error.php");
}
else {
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password', '$hash')";
这是我的 login.php 页面,这是我收到的实际错误,说我的密码不正确:
<?php
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else {
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['user_name'] = $user['user_name'];
$_SESSION['active'] = $user['active'];
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
您正在重置 $password 变量
<?php
//Change this to $password_encrypted
$password = $mysqli->escape_string
(password_hash($_POST['password'], PASSWORD_BCRYPT));
$password = trim($_POST['password']);//This is overriding the above $password
$password = strip_tags($password);
尝试将第一个 $password 更改为类似 $password_encrypted 的内容,然后在 SQL 语句中使用它
$sql = "INSERT INTO users (first_name, user_name,
email, password, hash) ".
"VALUES ('$first_name','$user_name',
'$email','$password_encrypted', '$hash')";
此外,我没有注意到在您提供的代码中设置了 $hash 变量,我假设这是在其他地方设置的?