在发帖之前我已经浏览了一堆其他问题。现在我已经厌倦了用头撞墙。 从注册页面转到登录页面时似乎存在问题,该问题与数据库有某种关系。
class USER
{
private $conn;
public function __construct()
{
$database = new Database();
$db = $database->dbConnection();
$this->conn = $db;
}
public function register($fname,$l_init,$umail,$upass)
{
try
{
$new_password = password_hash($upass, PASSWORD_DEFAULT);
$stmt = $this->conn->prepare("INSERT INTO users(first_name,last_initial,email,salt)
VALUES(:fname, :l_init, :umail, :upass)");
$stmt->bindparam(":fname", $fname);
$stmt->bindparam(":l_init", $l_init);
$stmt->bindparam(":umail", $umail);
$stmt->bindparam(':upass', $new_password);
if(password_verify($upass, $new_password))
{
$stmt->execute();
echo "password verify works"; //$stmt->rowCount();
}
else
{
echo "password verify is corrupt";
sleep(5);
die;
}
//$resp = $stmt->fetch(PDO::FETCH_ASSOC);
/*if($stmt->rowCount() == 1)
{
$success = "New User created! Redirecting....";
}
else
{
$success = false;
}
return $success; */
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function doLogin($umail,$upass)
{
try
{
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email=:umail");
//bind params here
$stmt->bindparam(":umail", $umail);
$stmt->execute();
echo $stmt->rowCount(); //echo if there is a returned result row
$resp = $stmt->fetch(PDO::FETCH_ASSOC);
// checking for any variance between single/double quotes
$one = $resp["salt"];
$two = $resp['salt'];
echo "first check".$one;
echo "<br> second check" . $two . "<br>";
//original check for existance of a match
if($stmt->rowCount() == 1)
{ session_start();
echo "third check" . $upass . '<br>';
echo "4th check" . password_verify($upass, $resp['salt']) . '<br>';
echo "hash gen" . password_hash($upass, PASSWORD_DEFAULT) . '<br>';
if($resp['salt'] == password_hash($upass, PASSWORD_DEFAULT))
{echo "true somehow";}
sleep(20);
if(password_verify($upass, $resp['salt']))
{
session_start();
$_SESSION['user_session'] = $resp['first_name'];
return true;
}
else
{
return false;
}
}
else
{
$e_response = "Were sorry but that email is not Registered <br> Please check your spelling and try again";
return $e_response;
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
1) 数据库存储为 varchar 255。 尝试将新用户注册到数据库时会导致正确的密码验证测试。 然而,我所有强制password_verify与doLogin函数一起工作的尝试都失败了。
我添加了一些困惑的 echo 只是为了看看实际输出的内容。
我看到的是以下内容:
first check$ 2y$10$HwC2tF1hELiqJ2QEL8Oeju1L3Ore26GSnxh6CiibPbiNwPIpVUIfi
second check $2y$10$HwC2tF1hELiqJ2QEL8Oeju1L3Ore26GSnxh6CiibPbiNwPIpVUIfi
third check testpass
4th check (blank- assuming this means false? or something else?)
hash gen $2y$10$K5j3GlqjQ7OVew9yj1FbRuF1FFin9egPVq/Uzv8D0UzsU/LKH4FDa
我整夜没睡,想知道我可能做错了什么。 我有一个原始数据库用户可以识别密码,但是该哈希值不是在 SQL 查询中动态创建的。它已创建并手动复制到数据库中。 请帮忙
最佳答案
echo password_verify("",'$2y$10$HwC2tF1hELiqJ2QEL8Oeju1L3Ore26GSnxh6CiibPbiNwPIpVUIfi')."\n";
返回 1。
意味着在register()中传递的$upass为空。
鉴于您的代码如此困惑,难怪它在某个地方被遗漏了。
关于php - 另一个password_verify()问题可能与数据库相关,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43695133/