我使用password_compat.php来使用password_hash和password_verify函数。我用的是河豚算法。password_verify似乎不起作用,它与数据库中存储的哈希不匹配。我必须用password_verify指定算法还是salt?
reigster脚本:
$hash = password_hash($pass, PASSWORD_BCRYPT);
$qry = "INSERT INTO users (email, fname, lname, gender, p4s5) VALUES ('$email', '$fname', '$lname', '$gender', '$hash')";
$result = mysqli_query($dblink, $qry) or die(mysqli_error($dblink));
登录脚本:
$qry = "SELECT * FROM users WHERE email='$email' LIMIT 1";
$result = mysqli_query($dblink, $qry);
if (!mysqli_num_rows($result) > 0) {
// email not in database, error
$loginErrors .= "<li>Username or password wrong</li>";
} else {
$row = mysqli_fetch_assoc($result);
// verify password;
$hash = $row["p4s5"];
if (password_verify($pass, $hash)) {
// not same, error
$loginErrors .= "<li>Username or password wrong</li>";
} else {
// login user
$id = $row["id"];
$fname = $row["fname"];
$lname = $row["lname"];
login($id, $email, $fname, $lname);
header("Location: ".$_SESSION["last-page"]);
}
}
表格结构:
创建表users(id int(11)NOT NULL AUT…
检查数据库中的密码长度,这可能是您的问题。