时间戳

首页 > 解决方案 > 密码哈希返回密码不匹配

php - 密码哈希返回密码不匹配

问题描述

我在注册过程中创建了一个 password_hash,当我回来登录并在 password_verify 的帮助下输入电子邮件和密码时,它会输出密码不匹配。为了检查我的查询是否有效,我使用此链接http://www.passwordtool.hu/php5-password-hash-generator中的在线工具生成了密码哈希

这成功地允许用户登录,但 password_hash 自动生成的哈希总是失败,这意味着我的查询没问题。有没有办法让 password_hash 正常工作?

任何帮助都会很有用。提前致谢,

我尝试使用静态密码哈希,它看起来像 $2y$10$3xrOcCz5fewSd90zS7dgseINs1WpD132MtrWjFmG3qSQcNDXpcgbe,即 Password@123

Ajax 处理注册

        $(function() {
            $(".log").click(function() {
                var email = $("#email").val();
                var password = $("#password").val();
                var confirm_password = $("#confirm_password").val();
                var dataString = 'email='+ email + '&confirm=' + confirm;

                if(email=='' ||password=='' || confirm_password=='' || (password !=confirm_password))
                {
                    swal("Sorry !", "Couldn't create your account !", "error");
                }

                else
                {
                    $.ajax({
                        type: "POST",
                        url: "join.php",
                        data: dataString,
                        success: function(){
                            //$('.success').fadeIn(200).show();
                            //$('.error').fadeOut(200).hide();
                            swal("Thanks !","Your account is created !"+" "+"Redirecting you to login","success");


                            setTimeout(function () {
                                window.location.href = "login.php"; //will redirect to your blog page (an ex: blog.html)
                            }, 2000);
                        }
                    });
                }
                return false;
            });
        });
    </script>

注册流程


    require_once('dbconn.php');


    if($_POST)
    {

        $email = $_POST['email'];
        $cpassword = $_POST['confirm_password'];
        $hashed = password_hash($cpassword, PASSWORD_DEFAULT);

        $sql = "INSERT INTO user_login (user_email, user_password) VALUES (?,?)";
        $stmt = mysqli_prepare($conn, $sql);
        mysqli_stmt_bind_param($stmt, "ss", $email, $hashed);
        $result = mysqli_stmt_execute($stmt);

        if ($result) {
            echo "Successfully Inserted !";
            //echo '<script type="text/javascript">';
            //echo 'setTimeout(function () { swal("Thanks!","Your account is created !","success");';
            //echo '}, 1000);</script>';

        }

        else{
            echo "Error occurred! ".mysqli_stmt_errno($stmt)." ".mysqli_stmt_error($stmt)." "; 
            $error = mysqli_stmt_error($stmt);
        }

    }

    mysqli_close($conn);

?>

登录


        if(isset($_POST['btn_lg'])) {

            $email = $_POST['email'];
            $password = $_POST['password'];

            $sql = "SELECT `user_email`, `user_password` FROM `user_login` WHERE `user_email` = ?";

            $stmt = mysqli_prepare($conn, $sql);
            mysqli_stmt_bind_param($stmt,"s", $email);

            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            mysqli_stmt_bind_result($stmt, $email, $pass);
            mysqli_stmt_fetch($stmt);

            if(mysqli_stmt_num_rows($stmt) === 1)
            {

                //$row = mysqli_stmt_fetch($stmt);

                $hash = $pass;

                //echo $hash;




                if(password_verify($password, $hash))
                {
                    $_SESSION['Logged'] = true;

                    $_SESSION['email'] = $email;

                    ?>
                        <script type="text/javascript">
                            window.location.href="test.php";
                        </script>
                    <?php
                }


                else
                {
                    echo  "The username or password do not match" ;
                }

            }


            else 
            {
                echo "Login Failed ! " .mysqli_stmt_errno($stmt)." ".mysqli_stmt_error($stmt)." ";  
            }

        }
    ?>

我希望登录结果为真,但输出为假

标签: phppassword-hash

解决方案

推荐阅读