首頁猿問 PHP驗證哈希密碼在我的功能中不起作用

PHP驗證哈希密碼在我的功能中不起作用

PHP

慕村225694 2021-05-06 13:08:04

我正在嘗試為我的網(wǎng)站創(chuàng)建一個API，為此我已經(jīng)為此創(chuàng)建了一個函數(shù)。但是該功能無法使用POST功能在POSTMAN中驗證我的密碼。我一生無法理解我哪里錯了。數(shù)據(jù)庫中的密碼使用php hash函數(shù)輸入： $password =password_hash($pass, PASSWORD_DEFAULT); 。public function userLogin($username, $password){ $stmt = $this->con->prepare("SELECT password FROM farms WHERE farmname = ? "); $stmt->bind_param("s", $username); $stmt->execute(); $row = $stmt->get_result()->fetch_assoc(); $hash = $row['password']; if (password_verify($hash, $password)) { return $stmt->num_rows > 0; }}Login.php文件require_once '../includes/DbOperations.php';$response = array();if($_SERVER['REQUEST_METHOD']=='POST'){ if(isset($_POST['username']) and isset($_POST['password'])){ $db = new DbOperations(); if($db->userLogin($_POST['username'], ($_POST['password']))){ $user = $db->getUserByUsername($_POST['username']); $response['error'] = false; $response['username'] = $user['farmname']; }else{ $response['error'] = true; $response['message'] = "Invalid username or password"; } }else{ $response['error'] = true; $response['message'] = "Required fields are missing"; }}echo json_encode($response);我沒有得到用戶名，而是不斷收到錯誤消息：{“錯誤”：true，“消息”：“無效的用戶名或密碼”}

查看完整描述

3 回答

慕田峪7331174

TA貢獻1828條經(jīng)驗獲得超13個贊

交換參數(shù)：

if (password_verify($password,$hash)) {

反對回復 2021-05-28

HUH函數(shù)

TA貢獻1836條經(jīng)驗獲得超4個贊

我認為該userLogin函數(shù)應該返回一個值（true / false），而不管密碼是否匹配，以便if / else邏輯起作用。由于返回值為password_verifytrue或false，因此可以簡單地返回。

public function userLogin($username, $password){

$sql='select `password` from `farms` where `farmname` = ?'

$stmt=$this->con->prepare( $sql );

if( !$stmt )return false;

$stmt->bind_param( 's', $username );

$res=$stmt->execute();

if( !$res )return false;

$stmt->store_result();

$stmt->bind_result( $pwd );

$stmt->fetch();

$stmt->free_result();

$stmt->close();

return password_verify( $password, $pwd );

}

--

忙著在車庫里忙碌，但根據(jù)我數(shù)據(jù)庫中的數(shù)據(jù)迅速整理了上述功能的一些演示。

<?php

if( $_SERVER['REQUEST_METHOD']=='POST' ){

$dbhost = 'localhost';

$dbuser = 'root';

$dbpwd = 'xxx';

$dbname = 'experiments';

$db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );

/*

the class from which userLogin originates was unknown so I guessed

and made an ultra basic representation of what it might be.

*/

class user{

private $con;

public function __construct( $con ){

$this->con=$con;

}

public function userLogin($username, $password){

$sql='select `password` from `farms` where `farmname` = ?';

/*

as I do not have a table `farms` I chose another

table that has a hashed password column to test against.

*/

$sql='select `hashpwd` from `users` where `username`=?';

$stmt=$this->con->prepare( $sql );

if( !$stmt )return false;

$stmt->bind_param( 's', $username );

$res=$stmt->execute();

if( !$res )return false;

$stmt->store_result();

$stmt->bind_result( $pwd );

$stmt->fetch();

$stmt->free_result();

$stmt->close();

return password_verify( $password, $pwd );

}

}//end class

/* instantiate the class with the db as an argument */

$user=new user( $db );

/* capture POST vars */

$username=filter_input( INPUT_POST,'username',FILTER_SANITIZE_STRING );

$password=filter_input( INPUT_POST,'password',FILTER_SANITIZE_STRING );

/* test if the password was OK or not... */

if( $user->userLogin($username,$password) ){

echo "OK";

} else {

echo "Bogus";

}

exit();

}

?>

<!DOCTYPE html>

<html>

<head>

<title>Farm - Form - mySQLi</title>

</head>

<body>

</form>

</body>

</html>

毫不奇怪，結果"OK"表明該功能按預期工作。因此，總而言之，我建議問題出在其他地方

反對回復 2021-05-28

慕村9548890

TA貢獻1884條經(jīng)驗獲得超4個贊

我認為您的功能在if之后需要else語句

例如：

if (password_verify($hash, $password)) {

return $stmt->num_rows > 0;

}

else{}

反對回復 2021-05-28

3 回答
0 關注
205 瀏覽

關注

添加回答

舉報

0/150

提交

取消

使用 Ctrl+D 可將網(wǎng)站添加到書簽

微信客服

購課補貼
聯(lián)系客服咨詢優(yōu)惠詳情

幫助反饋 APP下載

慕課網(wǎng)APP
您的移動學習伙伴

公眾號

掃描二維碼
關注慕課網(wǎng)微信公眾號

第七色在线视频,2021少妇久久久久久久久久,亚洲欧洲精品成人久久av18,亚洲国产精品特色大片观看完整版,孙宇晨将参加特朗普的晚宴

熱搜

最近搜索清空

PHP驗證哈希密碼在我的功能中不起作用

PHP驗證哈希密碼在我的功能中不起作用

3 回答

添加回答