{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Emotional °昔 的问题《php password_hash and password_verify looked all o》','https://www.manongdao.com/q-814439.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
UPDATE So this is an embarrassingly stupid admission, but the issue was that the hash I had stored in the database was a hash of 'password' including the quotes, there was no issue with the queries I wrote, the issue was between the chair and the keyboard.
So this is an often asked question, and I've looked all over stackoverflow and google trying to find out the answer, and have so fare been unsuccessful.
I have a table of "agents" with logins and password assigned to each agent. The password field is a varchar with a length of 255.
Here is my php code:
$conn = new mysqli( "localhost", "VABEN", "**********", "VABen" );
if( $conn->connect_error )
{
die( "Connection failed!" . $conn->connect_error );
}
$username = $_POST["username"];
$password = $_POST["password"];
$s = $conn->prepare( "SELECT `agent_password` FROM `VABen`.`agents` WHERE `agent_login`=?" );
$s->bind_param( "s", $username );
$s->execute();
$hash = $s->get_result();
$hash = $hash->fetch_array( MYSQLI_ASSOC );
$testpw = password_hash( 'password', PASSWORD_DEFAULT );
echo "Comparing submitted password to locally created hash $testpw which has a length of " . strlen($testpw) . "<br>";
if( password_verify( $password, $testpw ) )
{
echo "Password '$password' matches with hash $testpw<br>";
}
else
{
echo "Password '$password' does not match with hash $testpw<br>";
}
echo "<br>";
echo "Supplied Password: '$password'<br>";
echo "Queried Hash: " . $hash['agent_password'] . " which has a length of " . strlen( $hash['agent_password'] ) . "<br>";
echo "Result of password_verify: ";
if( password_verify( $password, $hash['agent_password'] ) )
echo "true<br>";
else
echo "false<br>";
I am at a loss. It only seems to work when I supply a locally created copy of password_hash, and if I then use that locally created copy in the MySQL database, it fails.
Any ideas?
Store the hash
Have you checked that
agent_passwordis storing a hash generated by:Check PDO standards
Probably has no effect, but it is worth following standards for the differnt implementations of
bindParam. If you're using the?method, then:There are several odd implementations of PDO in your script, try adjusting:
Change subsequent calls of
$hash['agent_password']to just$hashinstead.Test Basic Operation
Test the folowing:
Then, also try storing that hash, and retrieving it again, from mysql, prior to the final verify step.
Finally
I deeply suspect that what is stored in
agent_passwordis not in fact a password hashed withpassword_hash.