PHP验证哈希密码在我的功能中不起作用
我正在尝试为我的网站创建一个API,为此我已经为此创建了一个函数。但是该功能无法使用POST功能在POSTMAN中验证我的密码。我一生无法理解我哪里错了。
数据库中的密码使用php hash函数输入:
$password =password_hash($pass, PASSWORD_DEFAULT);
。
public function userLogin($username, $password){
$stmt = $this->con->prepare("SELECT password FROM farms WHERE farmname = ? ");
$stmt->bind_param("s", $username);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$hash = $row['password'];
if (password_verify($hash, $password)) {
return $stmt->num_rows > 0;
}
}
Login.php文件
require_once '../includes/DbOperations.php';
$response = array();
if($_SERVER['REQUEST_METHOD']=='POST'){
if(isset($_POST['username']) and isset($_POST['password'])){
$db = new DbOperations();
if($db->userLogin($_POST['username'], ($_POST['password']))){
$user = $db->getUserByUsername($_POST['username']);
$response['error'] = false;
$response['username'] = $user['farmname'];
}else{
$response['error'] = true;
$response['message'] = "Invalid username or password";
}
}else{
$response['error'] = true;
$response['message'] = "Required fields are missing";
}
}
echo json_encode($response);
我没有得到用户名,而是不断收到错误消息:
{“错误”:true,“消息”:“无效的用户名或密码”}
慕村2256943回答
-
慕田峪7331174
交换参数:if (password_verify($password,$hash)) { -
HUH函数
我认为该userLogin函数应该返回一个值(true / false),而不管密码是否匹配,以便if / else逻辑起作用。由于返回值为password_verifytrue或false,因此可以简单地返回。public function userLogin($username, $password){ $sql='select `password` from `farms` where `farmname` = ?' $stmt=$this->con->prepare( $sql ); if( !$stmt )return false; $stmt->bind_param( 's', $username ); $res=$stmt->execute(); if( !$res )return false; $stmt->store_result(); $stmt->bind_result( $pwd ); $stmt->fetch(); $stmt->free_result(); $stmt->close(); return password_verify( $password, $pwd );}--忙着在车库里忙碌,但根据我数据库中的数据迅速整理了上述功能的一些演示。<?php if( $_SERVER['REQUEST_METHOD']=='POST' ){ $dbhost = 'localhost'; $dbuser = 'root'; $dbpwd = 'xxx'; $dbname = 'experiments'; $db = new mysqli( $dbhost, $dbuser, $dbpwd, $dbname ); /* the class from which userLogin originates was unknown so I guessed and made an ultra basic representation of what it might be. */ class user{ private $con; public function __construct( $con ){ $this->con=$con; } public function userLogin($username, $password){ $sql='select `password` from `farms` where `farmname` = ?'; /* as I do not have a table `farms` I chose another table that has a hashed password column to test against. */ $sql='select `hashpwd` from `users` where `username`=?'; $stmt=$this->con->prepare( $sql ); if( !$stmt )return false; $stmt->bind_param( 's', $username ); $res=$stmt->execute(); if( !$res )return false; $stmt->store_result(); $stmt->bind_result( $pwd ); $stmt->fetch(); $stmt->free_result(); $stmt->close(); return password_verify( $password, $pwd ); } }//end class /* instantiate the class with the db as an argument */ $user=new user( $db ); /* capture POST vars */ $username=filter_input( INPUT_POST,'username',FILTER_SANITIZE_STRING ); $password=filter_input( INPUT_POST,'password',FILTER_SANITIZE_STRING ); /* test if the password was OK or not... */ if( $user->userLogin($username,$password) ){ echo "OK"; } else { echo "Bogus"; } exit(); }?><!DOCTYPE html><html> <head> <meta charset='utf-8' /> <title>Farm - Form - mySQLi</title> </head> <body> <form method='post'> <input type='text' name='username' /> <input type='password' name='password' /> <input type='submit' /> </form> </body></html>毫不奇怪,结果"OK"表明该功能按预期工作。因此,总而言之,我建议问题出在其他地方 -
慕村9548890
我认为您的功能在if之后需要else语句例如:if (password_verify($hash, $password)) { return $stmt->num_rows > 0; }else{}
随时随地看视频慕课网APP
PHP