PHP 密码加密失败,在数据库中以明文形式显示

PHP password is failing to encrypt and shows in clear text inside database

我不知道这是怎么发生的,因为我的登录密码之前工作得很好,现在我发现它在 phpmyadmin 中以明文形式显示密码。我什么都没碰,所以我不知道现在该怎么做。

我不确定错误出在哪里,但我已经添加了我的 register.php 页面并删除了大部分代码 我知道这不是问题所以主要是我写密码代码:

<?php

$password = $mysqli->escape_string
            (password_hash($_POST['password'], PASSWORD_BCRYPT));

$password = trim($_POST['password']);
    $password = strip_tags($password);

$password2 = trim($_POST['password2']);
    $password2 = strip_tags($password2);

if (empty($password)){
        $error = true;
        $_SESSION['message'] = "Please enter password.";
        header("location: error.php");
    } else if(strlen($password) < 6) {
        $error = true;
        $_SESSION['message'] = "Password must have atleast 6 characters.";
        header("location: error.php");
    } else if ($password != $password2) {
        $error = true;
        $_SESSION['message'] = "Please check if both password fields match.";
        header("location: error.php");
    } else if ($password == $user_name && $password2 == $user_name) {
        $error = true;
        $_SESSION['message'] = "Please check that your 
                                password is not the same as username.";
        header("location: error.php");
    }

if( !$error ) {

        $result = $mysqli->query("SELECT * FROM users WHERE email='$email'") 
                                or die($mysqli->error());

        if ( $result->num_rows > 0 ) {

            $_SESSION['message'] = 'User with this email already exists!';
            header("location: error.php");

        }
        else {

            $sql = "INSERT INTO users (first_name, user_name, 
                                      email, password, hash) ".
                                      "VALUES ('$first_name','$user_name',
                                      '$email','$password', '$hash')";

这是我的 login.php 页面,这是我收到的实际错误,说我的密码不正确:

<?php

$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");

if ( $result->num_rows == 0 ){
    $_SESSION['message'] = "User with that email doesn't exist!";
    header("location: error.php");
}
else {
    $user = $result->fetch_assoc();

    if ( password_verify($_POST['password'], $user['password']) ) {

        $_SESSION['email'] = $user['email'];
        $_SESSION['first_name'] = $user['first_name'];
        $_SESSION['user_name'] = $user['user_name'];
        $_SESSION['active'] = $user['active'];

        $_SESSION['logged_in'] = true;

        header("location: profile.php");
    }
    else {
        $_SESSION['message'] = "You have entered wrong password, try again!";
        header("location: error.php");
    }
}

您正在重置 $password 变量

<?php
//Change this to $password_encrypted
$password = $mysqli->escape_string
            (password_hash($_POST['password'], PASSWORD_BCRYPT));

$password = trim($_POST['password']);//This is overriding the above $password
    $password = strip_tags($password);

尝试将第一个 $password 更改为类似 $password_encrypted 的内容,然后在 SQL 语句中使用它

$sql = "INSERT INTO users (first_name, user_name, 
                                  email, password, hash) ".
                                  "VALUES ('$first_name','$user_name',
                                  '$email','$password_encrypted', '$hash')";

此外,我没有注意到在您提供的代码中设置了 $hash 变量,我假设这是在其他地方设置的?