pass in password_hash field with pdo


Problem description

I am trying to process a password as md5 into the database; this is the relevant code:

include_once("config.php");
session_start();

if(isset($_POST['signup'])){
    $name = $_POST['name'];
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $insert = $pdo->prepare("INSERT INTO users (name,email,pass)
                                values(:name,:email,:pass) ");
    $insert->bindParam(':name',$name);
    $insert->bindParam(':email',$email);
    $insert->bindParam(':pass',$pass);
    $insert->execute();
}elseif(isset($_POST['signin'])){
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    $select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
    $select->setFetchMode();
    $select->execute();
    $data=$select->fetch();
    if($data['email']!=$email and $data['pass']!=$pass) {
        echo "invalid email or pass";
    }
    elseif($data['email']==$email and $data['pass']==$pass) {
        $_SESSION['email']=$data['email'];
        $_SESSION['name']=$data['name'];
        header("location:profile.php"); 
    }
}

What length in the db would be appropriate to store this hashed password?

And how I use it:

$hashed_password = password_hash($pass, PASSWORD_DEFAULT);
var_dump($hashed_password);

And the if statement for when the password is ok?

Recommended answer

It's really quite simple once you read the manual or see an example in a tutorial. See the comments in the code for details.

<?php
include_once("config.php");
session_start();

if(isset($_POST['signup'])){
    $name = $_POST['name'];
    $email = $_POST['email'];

    // at signup you hash the user provided password
    $pass = password_hash($_POST['pass'], PASSWORD_DEFAULT);

    $insert = $pdo->prepare("INSERT INTO users (name,email,pass)
                                values(:name,:email,:pass) ");
    $insert->bindParam(':name',$name);
    $insert->bindParam(':email',$email);
    $insert->bindParam(':pass',$pass);   // this stores the hashed password
    $insert->execute();
}elseif(isset($_POST['signin'])){
    $email = $_POST['email'];
    $pass = $_POST['pass'];

    // as the password on the DB is hashed you cannot use the
    // plain text password in the SELECT here as it wont match
    $select = $pdo->prepare("SELECT * FROM users WHERE email=:email");

    // no idea what this was doing
    //$select->setFetchMode();
    $select->bindParam(':email',$email);
    $select->execute();

    $row = $select->fetch(PDO::FETCH_ASSOC);

    // verify the plain text password against the
    // hashed value from DB in $row['pass']
    // (fetch() returns false when no row matched the email, so check that first)
    if( $row !== false && password_verify($pass, $row['pass']) ){
        $_SESSION['email'] = $row['email'];
        $_SESSION['name']  = $row['name'];
        header("location:profile.php");
        exit;
    } else {
        echo "invalid email or pass";
    }
}

And as to the length of the column in the database that you need to hold this hashed value, it is documented in the manual:

The following algorithms are currently supported:

  • PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5.0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

  • PASSWORD_BCRYPT - Use the CRYPT_BLOWFISH algorithm to create the hash. This will produce a standard crypt() compatible hash using the "$2y$" identifier. The result will always be a 60 character string, or FALSE on failure.
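The signup/signin flow from the answer, as an added, runnable example (not part of the original answer): the same hash-on-signup / password_verify-on-signin logic as functions against an in-memory SQLite PDO connection, with the no-such-user case handled and a password_needs_rehash() upgrade so the 255-character column from the manual quote is actually put to use. Table and column names are assumed to match the question; the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example, not the original answer's code. Assumes PHP 7.4+ with pdo_sqlite.

function createSchema(PDO $pdo): void {
    // 255 chars leaves room for algorithms whose hashes are longer than bcrypt's 60.
    $pdo->exec("CREATE TABLE users (name VARCHAR(100), email VARCHAR(255) UNIQUE, pass VARCHAR(255))");
}

function signup(PDO $pdo, string $name, string $email, string $plainPassword): void {
    // Only the hash is stored; the plain text password never reaches the database.
    $hash = password_hash($plainPassword, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare("INSERT INTO users (name, email, pass) VALUES (:name, :email, :pass)");
    $stmt->execute([':name' => $name, ':email' => $email, ':pass' => $hash]);
}

// Returns the user's name and email on success, null on unknown email or wrong password.
function signin(PDO $pdo, string $email, string $plainPassword): ?array {
    // Look up by email only; the stored value is a hash, so it cannot appear in the WHERE clause.
    $stmt = $pdo->prepare("SELECT name, email, pass FROM users WHERE email = :email");
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when no row matched; guard before touching $row['pass'].
    if ($row === false || !password_verify($plainPassword, $row['pass'])) {
        return null;
    }
    // If PASSWORD_DEFAULT has moved to a stronger algorithm or cost since this hash was
    // stored, re-hash now while the plain text password is available.
    if (password_needs_rehash($row['pass'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare("UPDATE users SET pass = :pass WHERE email = :email");
        $upd->execute([':pass' => password_hash($plainPassword, PASSWORD_DEFAULT), ':email' => $email]);
    }
    unset($row['pass']);   // do not hand the hash to the session
    return $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($pdo);
// Constructed sample account for the demonstration.
signup($pdo, 'alice', 'alice@example.com', 'correct horse battery staple');

var_dump(signin($pdo, 'alice@example.com', 'correct horse battery staple'));
var_dump(signin($pdo, 'alice@example.com', 'wrong password'));
var_dump(signin($pdo, 'nobody@example.com', 'anything'));
```

The first call returns the name/email array, the other two return null; the echoed "invalid email or pass" message in the answer maps onto that null result.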
