//index.php
<html>
<head>
<!--utf html5 declareren-->
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" type="text/css" href="cssreset.css">
</head>
<body>
<form action="login.php" method="POST">
username: <input type="text" name="usernamebox" required> <br>
password: <input type="password" name="passwordboxlogin" required> <br>
<input type="submit" value="Login">
</form>
<form action="register.php">
<input type="submit" value="Click here if you want to register">
</form>
</body>
</html>
//login.php
<?php
session_start();
error_reporting(E_ALL);
include ('connect.php');
$username = $_POST['usernamebox'];
$password = $_POST['passwordboxlogin'];
$_SESSION['usernamebox'] = $username;
//$db->query("SELECT * FROM `users` WHERE `username` = '$username'");
//
//$db->query("SELECT * FROM `users` WHERE `password` = '$password'");
//nieuw
$hash = "SELECT password FROM users WHERE username= '$username' ";
if (password_verify($password, $hash))
{
echo 'Password is valid!';
//header("Location: userpage.php");
}
else
{
echo 'Invalid password.';
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</body>
</html>
我是一名IT学生,我似乎无法使这个password_verify()功能发挥作用。
我基本上试图将mysqli中的密码哈希与login.php中POST表单中给出的密码进行比较。密码已正确散列到我的数据库。
答案 0 :(得分:0)
你的功能错了。您需要输入密码和散列密码,然后比较两者。你想要这样的东西:
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
首先,您必须查询数据库并获取哈希密码然后进行比较。在您的示例中,您正在散列实际的查询字符串本身。