密码未使用函数password_verify验证 [英] Password is not verified using function password_verify
问题描述
我认为我有密码使用函数 PASSWORD
直接从mysql数据库(我在这里做错了?)。我尝试使用此代码验证密码:
if($ submit)
{
$ first = $ _ POST ['first'];
$ password = $ _ POST ['password'];
$ hash =* 85955899FF0A8CDC2CC36745267ABA38EAD1D28; //这是在数据库中使用函数PASSWORD得到的哈希密码
$ password = password_verify($ password,$ hash);
$ db = new mysqli(localhost,root,,learndb);
$ sql =select * from admin where username ='。 $ first。 '和password ='。 $ password。 ';
$ result = $ db-> query($ sql);
$ result = mysqli_num_rows($ result);
if($ result> 0)
{
session_start();
$ _SESSION ['logged_in'] = true;
session_regenerate_id(true);
header(Location:loginhome.php);
}
}
但密码不匹配。
更新:
已经使用 password_hash
从PHP代码来存储到数据库中。 $分贝= new mysqli(localhost,root,,learndb);
$ password = password_hash('ChRisJoRdAn123',PASSWORD_DEFAULT);
$ sql =INSERT INTO admin(username,password)values('ChrisJordan','$ password');
$ db-> query($ sql);
仍密码不匹配。
无法在数据库中搜索salted密码哈希。要计算你需要的password_hash()函数,因为你已经在你的INSERT语句做正确的哈希值。
//散列的新密码存储在数据库中。
//函数自动生成加密安全的盐。
$ hashToStoreInDb = password_hash($ password,PASSWORD_DEFAULT);
要检查一个密码,你首先需要通过用户名只搜索(用事先准备好的查询,以避免SQL注入):
$ sql ='select * from admin where username =?
$ db-> prepare($ sql);
$ db-> bind_param('s',$ first);
当你最终从数据库获得存储的哈希时,可以这样检查:
//检查输入的登录密码的哈希是否与存储的哈希匹配。
//盐和成本因子将从$ existingHashFromDb中提取。
$ isPasswordCorrect = password_verify($ password,$ existingHashFromDb);
I think i have hashed password using function PASSWORD
directly from mysql database(am i doing wrong here?). And i am trying to verify that password with this code:
if($submit)
{
$first=$_POST['first'];
$password=$_POST['password'];
$hash="*85955899FF0A8CDC2CC36745267ABA38EAD1D28"; //this is the hashed password i got by using function PASSWORD in database
$password=password_verify($password,$hash);
$db = new mysqli("localhost", "root","","learndb");
$sql = "select * from admin where username = '" . $first . "' and password = '". $password . "'";
$result = $db->query($sql);
$result=mysqli_num_rows($result);
if($result>0)
{
session_start();
$_SESSION['logged_in'] = true;
session_regenerate_id(true);
header("Location:loginhome.php");
}
}
But the password is not matching. What am i missing here?
UPDATE:
After all the suggestions i have used password_hash
from php code to store into database.
$db = new mysqli("localhost", "root","","learndb");
$password=password_hash('ChRisJoRdAn123',PASSWORD_DEFAULT);
$sql="INSERT INTO admin (username,password)values('ChrisJordan','$password')";
$db->query($sql);
still the password is not matching.
One cannot search for a salted password hash in a database. To calculate the hash you need the password_hash() function as you already did correctly in your insert statement.
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
To check a password, you first need to search by username only (used a prepared query to avoid sql injection):
$sql = 'select * from admin where username = ?';
$db->prepare($sql);
$db->bind_param('s', $first);
When you finally got the stored hash from the database, it can be checked like this:
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
这篇关于密码未使用函数password_verify验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!