2017-06-01 5 views
1

My problem is that when I sign in with the correct password, I still get the error message "You have entered wrong password, try again!". (Registration works fine, and the part that checks whether the user already exists works fine as well.) Here is the code:

register.php (works): 
<?php 
include('db_conn.php'); //db connection 
session_start(); 

/* Registration process, inserts user info into the database 
    and sends account confirmation email message 
*/ 

$_SESSION['email'] = $_POST['email']; 
$_SESSION['full_name'] = $_POST['name']; 

// Escape all $_POST variables to protect against SQL injections 
$full_name = $mysqli->escape_string($_POST['name']); 
$email = $mysqli->escape_string($_POST['email']); 
$password = $mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT)); 
$usertype = $mysqli->escape_string("A"); 
$hash = $mysqli->escape_string(md5(rand(0,1000))); 

// Check if user with that email already exists 
$result = $mysqli->query("SELECT * FROM user WHERE Email='$email'") or die($mysqli->error); // error is a property, not a method

if (isset($_POST["submit"])){ 
// We know user email exists if the rows returned are more than 0 
    if ($result->num_rows > 0) { 

     $_SESSION['message'] = 'User with this email already exists!'; 
     // header("location: error.php"); 

    } 
    else { // Email doesn't already exist in a database, proceed... 

     $sql = "INSERT INTO user (Email, Password, UserType, FullName, Hash) " 
      . "VALUES ('$email','$password', '$usertype','$full_name', '$hash')"; 

     // Add user to the database 
     if ($mysqli->query($sql)){ 


      $_SESSION['logged_in'] = true; // So we know the user has logged in 
      $_SESSION['message'] = "You are registered";

      header("location: home.php"); 
     } 

     else { 
      $_SESSION['message'] = 'Registration failed!'; 
      // header("location: error.php"); 
     } 

    } 
} 

?> 




sign_in.php (not working properly): 
<?php 
include('db_conn.php'); //db connection 
session_start(); 

$email = $mysqli->escape_string($_POST['email']); 
$result = $mysqli->query("SELECT * FROM user WHERE Email='$email'"); 


if (isset($_POST["submit"])){ 
    if ($result->num_rows == 0){ // User doesn't exist 
     $_SESSION['message'] = "User with that email doesn't exist!"; 
     // header("location: error.php"); 
    } 
    else { // User exists 
     $user = $result->fetch_assoc(); 
     echo $_POST['password'].$user['Password']; 
     if (password_verify($_POST['password'], $user['Password'])) { 

      $_SESSION['email'] = $user['Email']; 
      $_SESSION['full_name'] = $user['Name']; 
      $_SESSION['user_type'] = $user['UserType']; 


      // This is how we'll know the user is logged in 
      $_SESSION['logged_in'] = true; 

      header("location: home.php"); 
     } 
     else { 
      $_SESSION['message'] = "You have entered wrong password, try again!"; 
      // header("location: error.php"); 
     } 
    } 
} 

?> 
+0

Is the hash value of the password generated with 'password_hash()' stored in the database? –

+0

Possible duplicate of [password_verify always invalid password although the password is correct](https://stackoverflow.com/questions/42945269/password-verify-always-invalid-password-although-password-is-correct) – amarnath

+0

@MilanCheda Yes, it stores the hash value of the password –

Answer

1

Don't escape the password hash; it is safe to insert directly into the DB:

$mysqli->escape_string(password_hash($_POST['password'], PASSWORD_BCRYPT)); 

to:

password_hash($_POST['password'], PASSWORD_BCRYPT); 
+0

I still can't sign in properly. –
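
The sign-up and sign-in flow discussed above, written with bound parameters so that neither the user input nor the hash passes through `escape_string()`. This is an added example, not code from the original posts. It assumes PDO with in-memory SQLite in place of the page's mysqli connection so that it runs without a server; `register_user` and `sign_in` are hypothetical helpers, and the table is a constructed, reduced copy of the page's `user` table.

```php
<?php
declare(strict_types=1);

// Constructed schema mirroring the page's `user` table, held in in-memory
// SQLite (assumption) so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (Email TEXT PRIMARY KEY, Password TEXT NOT NULL, FullName TEXT)');

// Hypothetical helper: hash once, then hand the hash to the driver as a bound
// parameter. No escaping function touches the hash or the user input.
function register_user(PDO $db, string $email, string $name, string $password): bool
{
    $hash = password_hash($password, PASSWORD_BCRYPT); // 60-character string
    $stmt = $db->prepare('INSERT INTO user (Email, Password, FullName) VALUES (?, ?, ?)');
    try {
        $stmt->execute([$email, $hash, $name]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') { return false; } // email already registered
        throw $e;
    }
    return true;
}

// Hypothetical helper: returns the user's row without the hash, or null.
function sign_in(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT Email, Password, FullName FROM user WHERE Email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) { return null; }
    // A stored value that is not a complete password_hash() result can never
    // verify, so log that case separately from an ordinary wrong password.
    if (password_get_info($user['Password'])['algoName'] === 'unknown') {
        error_log('Stored hash has unexpected format, length ' . strlen($user['Password']));
        return null;
    }
    if (!password_verify($password, $user['Password'])) { return null; }
    unset($user['Password']); // never carry the hash into the session
    return $user;
}

// Constructed sample data; the password contains quotes on purpose.
$pw = "it's a \"quoted\" pass";
var_dump(register_user($db, 'alice@example.com', 'Alice', $pw));
var_dump(register_user($db, 'alice@example.com', 'Alice', $pw));
var_dump(sign_in($db, 'alice@example.com', $pw));
var_dump(sign_in($db, 'alice@example.com', 'wrong'));
```

With mysqli the same pattern uses `$mysqli->prepare()` followed by `bind_param()` and `execute()`.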
