1. 首页
  2. 问答
  3. 从OO中的不同对象使用password_hash和password_verify PHP

从OO中的不同对象使用password_hash和password_verify PHP

2017-05-05 33 views
-3

我正在编写一个使用OO PHP的MVC样式应用程序,并且在尝试注册/登录用户时尝试使用不同的类时遇到了问题。基本上,我有一个抽象的用户类,它包含一些常见的属性和函数以及两个扩展它的类:一个用户尝试登录时创建的LoginUser类和一个用户尝试注册时创建的RegisterUser类。从OO中的不同对象使用password_hash和password_verify PHP

我的问题是这样的:当我使用RegisterUser类中调用的查询(使用密码上的password_hash函数)成功地将用户添加到我的数据库,然后尝试通过LoginUser类中调用的查询进行登录(使用password_verify函数),即使提供的密码肯定是在注册时输入的密码,查询结果也会返回false。

我的问题是这样的:password_verify函数是否必须由使用password_hash函数创建哈希的同一类的对象调用?如果是这样,为什么?我曾试着查看PHP文档,搜索结果也不会返回答案!

我问这个问题的原因是因为如果所有的函数都保存在一个User类而不是继承的类中,注册/登录将会成功。

我的用户等级:

abstract class User { 

protected $checkedUserName = ''; 
protected $checkedPassword = ''; 

public function __construct($uncheckedUserName, $uncheckedPassword) { 

    $this->checkedUserName = $this->validateAndSanitizeUserName($uncheckedUserName); 
    $this->checkedPassword = $this->validateAndSanitizePassword($uncheckedPassword); 
} 

protected function validateAndSanitizeUserName($uncheckedUserName) { 
    $string = filter_var($uncheckedUserName, FILTER_VALIDATE_EMAIL); // Checks input is an email 
    $string = filter_var($string, FILTER_SANITIZE_EMAIL); // Removes illegal chars 
    $string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS); // Removes HTML tags, etc replacing them with char codes 
    return $string; 
} 

protected function validateAndSanitizePassword($uncheckedPassword) { 
    $string = filter_var($uncheckedPassword, FILTER_VALIDATE_REGEXP, ["options"=>["regexp"=>"/(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}/"]]); // Checks the password against the regex on the form 
    $string = filter_var($string, FILTER_SANITIZE_SPECIAL_CHARS); // Removes HTML tags, etc replacing them with char codes 
    return $string; 
} 

protected function checkIfUserExists() { 
    // Set the initial status of user exists 
    $userExists = false; 
    // Open a connection to the database 
    $con = Db::getInstance(); 

    // Prepare the query 
    $checkIfUserExists = $con->prepare("SELECT * FROM users2 WHERE username=?"); 
    //Execute the query with the checked username 
    $checkIfUserExists->execute([$this->checkedUserName]); 
    // Set $userExists dependent on result 
    if($checkIfUserExists->rowCount() !== 0) { 
    $userExists = true; 
    } 
    return $userExists; 
}

}

我LoginUser类:

class LoginUser extends User{ 

public function __construct($uncheckedUserName, $uncheckedPassword) { 

    parent::__construct($uncheckedUserName, $uncheckedPassword); 
} 

private function getPasswordHashes() { 
    // Only connect to the database when connection is needed 
    $con = Db::getInstance(); 

    // Check if username and password match 
    // Prepare the query 
    $checkUser = $con->prepare("SELECT * from users2 WHERE username = ?"); 
    // Execute the query using an array to bind the parameter to ? 
    $checkUser->execute([$this->checkedUserName]); 

    return $checkUser; 
} 

public function getLogInResult() { 
    // Initialise the results variable 
    $resultsFound = 0; 

    // Only proceed if the username actually exists 
    if($this->checkIfUserExists()) { 

    // Call the function to get the records that match the username 
    $checkUser = $this->getPasswordHashes(); 

    // Check to see if exactly one match was found and verify the password 
    if($checkUser->rowCount() === 1) { // Note this may not work in other databases - it does in MySQL 
     foreach($checkUser as $user) { 
     if(password_verify($this->checkedPassword, $user['passwordHash'])) { 
      $resultsFound++; 
     } 
     } 
    } 
    return $resultsFound; 
}

}}

我RegisterUser类:

lass RegisterUser extends User{ 

private $checkedFirstName = ''; 
private $checkedLastName = ''; 

public function __construct($uncheckedUserName, $uncheckedPassword, $uncheckedFirstName, $uncheckedLastName) { 

    parent::__construct($uncheckedUserName, $uncheckedLastName); 
    $this->checkedFirstName = $this->sanitizeString($uncheckedFirstName); 
    $this->checkedLastName = $this->sanitizeString($uncheckedLastName); 
} 

private function sanitizeString($uncheckedString) { 
    $string = filter_var($uncheckedString, FILTER_SANITIZE_STRING); 

    return $string; 
} 

private function insertUserDetails() { 
    // Hash the supplied password in preparation for insertion 
    //$hashedPassword = password_hash($this->checkedPassword, PASSWORD_DEFAULT); 

    // Connect to the database 
    $con = Db::getInstance(); 

    // Prepare the query 
    $addUser = $con->prepare("INSERT INTO users2 VALUES (?, ?, ?, ?)"); 

    // Execute the query using an array to bind the parameters 
    $addUser->execute([$this->checkedUserName, password_hash($this->checkedPassword, PASSWORD_DEFAULT), $this->checkedFirstName, $this->checkedLastName]); 

    // Return the result 
    return $addUser; 
} 

public function getRegisterResult() { 
    // Initialise the variable to store the result state 
    $result = false; 

    // Only proceed if the username does not exist 
    if(!($this->checkIfUserExists())) { 
    $addUser = $this->insertUserDetails(); 

    // If the details were successfully added 
    if($addUser->rowCount() === 1) { 
     $result = true; 
    } 
    } 
    return $result; 
}

}

因此,在完成登记表的情况下,getRegisterResult()函数称为新RegisterUser对象上。登录时,该getLoginResult()函数被调用一个新的LoginUser对象上,但结果返回false ...

来源

2017-05-05 Ed Wright

+1

我们不是心理学家根据描述找出代码。如果您需要帮助,请提供您的代码。 –

回答

0

在回答我的问题,它并不重要的类使用password_hash和password_verify,如果有与匹配密码来验证,并从数据库散列它应该返回一个积极的结果!

问题同__construct()RegisterUser类 - 呼叫到$uncheckedLastName而非$uncheckedPassword,因此密码通过父被设置在注册时并没有什么密码字段中提供的,但什么是在提供姓氏字段!

来源

2017-05-05 11:18:05

相关问题

 相关问题