我正在尝试在
MySQL中存储一个加密的密码,并且对于寄存器部分,它的工作方式应该如此,当我尝试登录的东西向南时.

我无法针对存储在MySQL中的哈希验证$_POST [‘password’].
我不知道我做错了什么.

这是我的register.php,它可以正常工作：

register.php(工作)

$post_password = mysqli_real_escape_string($_POST['password']);
$password_hash = password_hash($post_password, PASSWORD_BCRYPT);
mysqli_query goes here...

login.php(不工作)

$con = mysqli_connect("XXX","XXX","XXX","XXX");
$post_username = mysqli_real_escape_string($con,$_POST['username']);
$post_password = mysqli_real_escape_string($con,$_POST['password']);

// Getting the stored Hash Password from MySQL
$getHash = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM anvandare WHERE username = '$post_username'"));
$got_Hash = $getHash['password'];

// Checking if what the user typed in matches the Hash stored in MySQL
// **This is where it all goes wrong**
if (password_verify($post_password, $got_Hash)) {
echo "The posted password matches the hashed one";
}
else {
echo "The posted password does not match the hashed one";
}

当我运行上面的代码时,只需输入用户名并保留密码字段即可获得“正确密码”消息.

我错过了什么？

最佳答案 实际上,您需要确保在密码列中允许超过100个字符,以便可以在字段中保存所有哈希密码.这也发生在我身上,脚本是正确的,一切正常,但我唯一的错误就是我在密码字段中不允许超过40个字符,这是最大的错误.将最大限制从40增加到100后,一切正常:)