第一行匹配但其他行不匹配 password_verify
First row matched but other rows does not match password_verify
这里是注册码,我用盐将散列密码放在数据库中。
<?php
include '../database/connectDB.php';
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM tbl_users WHERE fld_username = '". $username ."'");
if (mysql_num_rows($query) > 0)
{
echo "<script>alert('Username already used!');</script>"; }
else
{
mysql_query("INSERT INTO `tbl_users`(fld_username,fld_password)
VALUES ('$username','$pwhash')");
}
}
?>
这是我验证密码的登录代码
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
if (isset($_POST['submit']))
{
$username= $_POST['user'] ;
$password= $_POST['pass'] ;
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if (password_verify($password, $row['fld_password'])) {
echo "Match";
}
else
{
echo "not match";
}
}
}
?>
起初我注册了用户名 = 1 和密码 = 1 并尝试登录并且匹配,但是当我尝试注册有效的用户和密码时,它不匹配。有人可以帮我进一步解决这个问题吗?
提前谢谢你,我只是一个 php 初学者,请不要太辛苦 :)
中有 1 个空格 space
y$H83GgNapOdRZvmVKYtW5.OwL3P4ju/fBHz/KlMIYCr.1M1hhzJbcO <-here
所以如果你将它限制在 60,那么中提琴。 space 现在消失了
尾随换行是你的问题:
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
______
只需将它从行中删除,它就会将 60 个字符的字符串保存到您的数据库中。你应该删除的另一件事是盐的生成,然后函数本身会为你生成一个安全的盐。
$options = ['cost' => 11];
这里是注册码,我用盐将散列密码放在数据库中。
<?php
include '../database/connectDB.php';
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM tbl_users WHERE fld_username = '". $username ."'");
if (mysql_num_rows($query) > 0)
{
echo "<script>alert('Username already used!');</script>"; }
else
{
mysql_query("INSERT INTO `tbl_users`(fld_username,fld_password)
VALUES ('$username','$pwhash')");
}
}
?>
这是我验证密码的登录代码
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
if (isset($_POST['submit']))
{
$username= $_POST['user'] ;
$password= $_POST['pass'] ;
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if (password_verify($password, $row['fld_password'])) {
echo "Match";
}
else
{
echo "not match";
}
}
}
?>
起初我注册了用户名 = 1 和密码 = 1 并尝试登录并且匹配,但是当我尝试注册有效的用户和密码时,它不匹配。有人可以帮我进一步解决这个问题吗?
提前谢谢你,我只是一个 php 初学者,请不要太辛苦 :)
y$H83GgNapOdRZvmVKYtW5.OwL3P4ju/fBHz/KlMIYCr.1M1hhzJbcO <-here
所以如果你将它限制在 60,那么中提琴。 space 现在消失了
尾随换行是你的问题:
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
______
只需将它从行中删除,它就会将 60 个字符的字符串保存到您的数据库中。你应该删除的另一件事是盐的生成,然后函数本身会为你生成一个安全的盐。
$options = ['cost' => 11];