问题
I have been scratching my head on this for over 2 hours. I have researched articles on stackoverflow including:
Issue with Bcrypt not verifying correctly
php password_hash and password_verify issues no match
`password_verify` call returning false for correct password
And I havent been able to correct my issue. I would appreciate some guidance on how much of an idiot I am being:
Function to insert data into MySQL database:
function insertUser($userObj) {
$query = $this->databaseConnection->getStntPrepare()->prepare(
"INSERT INTO user(username, userpassword) VALUES (?,?);");
$username = $userObj->getUsername();
$password = password_hash('testing1234', PASSWORD_BCRYPT);
$query->bind_param('ss', $username, $password);
}
Verification of user login by retrieving data from MySQL:
function findUser($userObj) {
$query = $this->databaseConnection->getStntPrepare()->prepare(
"SELECT userid, userpassword
FROM user
WHERE username=?");
$pass = 'testing1234'
$query->bind_param('s', $userObj->getUsername());
$query->execute();
$query->bind_result($userid, $hash);
while ($query->fetch()) {
if (password_verify($pass, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
}
}
When run I get 'Invalid password.'
When I do the below without inserting into database then retrieving:
$hash = password_hash('testing1234', PASSWORD_BCRYPT);
if (password_verify('testing1234', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
I get 'Password is valid!'
I believe my problem is something to do with single and double quotes and the interpretation of dollar sign ($) in the password field, as a variable instead of literal (as one of the articles suggests) when storing/retrieving from MySQL database - however I haven't had any luck in resolving. Below is the hash value of 'testing1234':
$2y$10$1/oQEuYX67n.U3usxH.7tenNq7hT2dKyBSIZsy5xR3W
回答1:
Problem was in the database - nothing to do with password_verify or password_hash. Datatype had a maximum amount of characters (only defined to 40 as I was made to by MySQL when creating tables). Moved to 60 and no more issues.
来源:https://stackoverflow.com/questions/19891355/php-password-verify-issue