为什么password_verify返回false?

我正在使用a password_verify检查我的哈希密码。我有PHP 5.5:

   $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)

if (!$this->db_connection->connect_errno) {

// escape the POST stuff

$user_name = $this->db_connection->real_escape_string($_POST['user_name']);

// database query, getting all the info of the selected user (allows login via email address in the

// username field)

$sql = "SELECT user_name, user_email, user_password_hash

FROM users

WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";

$result_of_login_check = $this->db_connection->query($sql);

// if this user exists

if ($result_of_login_check->num_rows == 1) {

// get result row (as an object)

$result_row = $result_of_login_check->fetch_object();

// using PHP 5.5's password_verify() function to check if the provided password fits

// the hash of that user's password

if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {

// write user data into PHP SESSION (a file on your server)

$_SESSION['user_name'] = $result_row->user_name;

$_SESSION['user_email'] = $result_row->user_email;

$_SESSION['user_login_status'] = 1;

false上车了password_verify。我已经检查了posts的值和mysql user_password_hash返回。

我不知道为什么它返回假

有任何想法吗?

回答:

手册中的列长度可能是问题所在: 建议将结果存储在可扩展超过60个字符的数据库列中(255个字符是一个不错的选择)。

链接

以上是 为什么password_verify返回false? 的全部内容, 来源链接: utcz.com/qa/416771.html

回到顶部