2014-11-22 27 views
0

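password_verify won't return true whatever I do

No matter what I do, I only get the "Password or username incorrect" string. What is the problem? I tried running the example from the PHP website and it works, so what am I doing wrong? Here is the code, guys: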

<?php

include __DIR__.'/includes/database.php';

class Login{

    public function validateCredentials($username, $password){
        global $mysqli;
        $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
        $result = $mysqli->query($query);
        $row = $result->fetch_array(MYSQLI_NUM);
        if(password_verify($row['0'],$password)){return true;}
        return false;
    }
}

$object = new Login();

if(isset($_POST['username'])&&isset($_POST['password']))
{
    if($object->validateCredentials($_POST['username'],$_POST['password']))
    {
        echo 'Logged in!';
    }
    else
    {
        echo 'Password or username incorrect!';
    }
}
else
{
    echo 'Username or password not entered!';
}
?>
+0

Use prepared statements with mysqli; anything else will sooner or later be an SQL injection. – Mihai 2014-11-22 18:51:20

Answers

2

Let's check password_verify:

boolean password_verify (string $password , string $hash) 

See, the first argument is the password and the second is the hash. In your code it is the other way round; you should use

if(password_verify($password, $row['0'])){return true;} 
+0

This is the correct answer, thanks! – 2014-11-22 19:03:08

1

Try...

<?php

include __DIR__.'/includes/database.php';

class Login{

    public function validateCredentials($username, $password){
        global $mysqli;
        $query = "SELECT password FROM users WHERE username = '".mysqli_real_escape_string($mysqli,$username)."';";
        $result = $mysqli->query($query);
        // query() returns false when the statement fails
        if(!$result){return false;}
        $row = $result->fetch_array(MYSQLI_NUM);
        // fetch_array() returns null when no row matches the username
        if(!$row){return false;}
        // plain-text password first, stored hash second
        return password_verify($password, $row['0']);
    }
}

$object = new Login();

if(isset($_POST['username'])&&isset($_POST['password']))
{
    if($object->validateCredentials($_POST['username'],$_POST['password']))
    {
        echo 'Logged in!';
    }
    else
    {
        echo 'Password or username incorrect!';
    }
}
else
{
    echo 'Username or password not entered!';
}
?>
+1

Thank you sir, the problem was the order of the password_verify arguments. – 2014-11-22 19:03:47
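
The two points raised in this thread (bound parameters instead of string-built SQL, and the password_verify argument order) combined in one script, as an added example that is not code from the question or either answer. It assumes PDO with an in-memory SQLite database in place of the MySQL server so that it runs without one; the user, password and table contents are constructed. mysqli provides the same mechanism through prepare() and bind_param().

```php
<?php
// Added example. Assumption: PDO + in-memory SQLite stands in for MySQL.

function validateCredentials(PDO $db, string $username, string $password): bool
{
    // The username is sent as a bound parameter, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no row matches

    // Unknown user: nothing to verify against.
    if (!is_string($hash)) {
        return false;
    }
    // Argument order: plain-text password first, stored hash second.
    return password_verify($password, $hash);
}

// Constructed sample data: one user whose password is stored as a hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$stored = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();

$cases = [
    'right password'            => validateCredentials($db, 'alice', 'correct horse'),
    'wrong password'            => validateCredentials($db, 'alice', 'wrong'),
    'unknown user'              => validateCredentials($db, 'nobody', 'correct horse'),
    // A quote in the username stays data because it is bound, not concatenated.
    'username with a quote'     => validateCredentials($db, "o'brien", 'correct horse'),
    // The call from the question: hash passed as the password, password as the hash.
    'swapped arguments (as asked)' => password_verify($stored, 'correct horse'),
];

foreach ($cases as $label => $result) {
    printf("%-30s %s\n", $label, var_export($result, true));
}
```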
