我的php登录文件有问题。我通过查看电子邮件向数据库询问密码。当我获得这个密码时,我将其与用户填写的密码进行核对。
在password_verify($Passwd, $row['Passwd'])中,结果将始终返回0,但结果应返回1(密码匹配(。
为什么我的密码不匹配?
登录代码:
<?php
if(isset($_POST['submit'])){
include_once '../includes/connection.php';
$Email = $_POST['email'];
$Passwd = $_POST['passwd'];
//Create Template
$sql = "SELECT Passwd FROM user WHERE Email = ?";
//Create Prepared Statement
$stmt = mysqli_stmt_init($conn);
//Prepare Prepared Statement
if(!mysqli_stmt_prepare($stmt, $sql)){
echo "SQL Statement Failed";
} else {
mysqli_stmt_bind_param($stmt, "s", $Email);
mysqli_stmt_execute($stmt);
$res = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($res)){
echo $Passwd . "<br>";
echo $row['Passwd'];
if(password_verify($Passwd, $row['Passwd'])){
echo "1";
} else {
echo "0";
}
}
}
} else {
header("Location: ../index.php?login=error");
}
?>
注册代码:
<?php
if(isset($_POST['submit'])){
include_once '../includes/connection.php';
$Username = $_POST['username'];
$Email = $_POST['email'];
$Passwd = $_POST['pwd'];
//Create Template
$sql = "INSERT INTO user (Username, Email, Passwd)
VALUES (?, ?, ?);";
//Create Prepared Statement
$stmt = mysqli_stmt_init($conn);
//Prepare Prepared Statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL Statement Failed";
} else {
$hashed_passwd = password_hash($Passwd, PASSWORD_DEFAULT);
//Replace '?' by the acctual data
mysqli_stmt_bind_param($stmt, "sss", $Username, $Email, $hashed_passwd);
//Run parameters inside database
mysqli_stmt_execute($stmt);
}
header("Location: ../index.php?signup=succes");
} else {
header("Location: ./index.php?sinup=error");
}
?>
Passwd是数据库中的varchar(50(列。
password_hash手册上说:
建议将结果存储在可以扩展到60个字符以上的数据库列中(255个字符是一个不错的选择(
因此,您需要为数据库中的密码列指定至少60个字符的大小,但建议使用更大的大小,例如255,以防将来默认哈希算法发生更改。
您还需要重新生成存储在50个字符字段中的任何现有密码,因为它们在保存时会被截断,并且额外的信息已经丢失,这意味着这些旧密码永远无法验证。