password_verify不起作用[关闭]

Heres my code: -- registered.php -- this file sends the new users username and password to the database

<?php include "config.php"; ?>
<?php 
    $username = $_POST['username'];
    $email = $_POST['email'];
    $mypassword = $_POST['password'];
    $defaultrank = "user";
    $password=password_hash($mypassword, PASSWORD_BCRYPT);
?>


<?php if(isset($_REQUEST['submit'])) { ?>
<?php
$sql = "INSERT INTO usr (username, password, email, rank)
VALUES ('$username', '$password', '$email', '$defaultrank')";

if ($conn->query($sql) === TRUE) { ?>


<meta http-equiv="refresh" content="0; url=register.php#registrationsuccess" />

<?php }
else{ ?>
<meta http-equiv="refresh" content="0; url=register.php#registrationfailed" />
<?php } ?>





<?php $conn->close(); ?>
<?php } ?>

-- redir.php -- This sends the login info to the database to be verified

<link rel="stylesheet" href="css/font-awesome.min.css">
<?php
session_start();
ob_start();
$host="localhost";
$user="root"; 
$pass="root"; 
$db="usr";  
$tbl="usr"; 

mysql_connect("$host", "$user", "$pass")or die("cannot connect"); 
mysql_select_db("$db")or die("cannot select DB");
include 'registered.php';

$myusername=$_POST['myusername']; 
$user = $myusername;
$mypassword=$_POST['mypassword']; 
$pass = $mypassword;
// $password=md5($mypassword);
$hashAndSalt = password_hash($password, PASSWORD_BCRYPT);
$savemyusername = $myusername;
$savemypassword = $mypassword;

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl WHERE username='$myusername' and password='password_verify($password, $hashAndSalt)'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);
if($count==1){
// Sessions //
$_SESSION["pass"] = $pass;
$_SESSION["user"] = $user;
// END //
echo <<<EOF
<meta http-equiv="refresh" content="0; url=membersarea.php" />
EOF;
}

else { ?>
<meta http-equiv="refresh" content="0; url=login.php#loginfailed" />
<?php 
}

ob_end_flush();
?>

The login system works fine with md5 Also the data from registered.php gets sent hashed to the database, its just verifying the data which is the problem

$sql="SELECT [..snip..] and password='password_verify($password, $hashAndSalt)'";
                                      ^^^^^^^^^^^^^^^

You cannot embed PHP code in a string and expect PHP to execute it, nor will MySQl execute PHP code for you, since MySQL has absolutely no idea what PHP is.

Even if that php function call did magically somehow get executed, it can only ever return a boolean value, so your code would (in the magic kingdom) boil down to two possiblities:

... password = false
... password = true