使用CRYPT_BLOWFISH后匹配密码 [英] Match passwords after using CRYPT_BLOWFISH
本文介绍了使用CRYPT_BLOWFISH后匹配密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已成功创建我的密码,并使用CRYPT_BLOWFISH将其插入数据库。但是,我不知道如何将数据库中的加密密码与用户登录的密码进行匹配。任何帮助非常感谢谢谢。
I have successfully created my passwords and am inserting them into the database using CRYPT_BLOWFISH. However I do no know how to match the crypted passwords in the database to the passwords the user is entering to login. Any help is greatly appreciated thanks.
要从用户输入生成密码,我使用:
To generate the password from the users input I use:
注册。 PHP
//If there are no errors or returned_records and the form is submitted let's submit the info and register the user
else if(!$error_msg && !$returned_record && $_POST['register']){
//Place the newly hased/encrypted password into our new_password variable
function generateHash($password_1){
if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
$salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
return crypt($password_1, $salt);
}//End If
}//End Function genrateHash*/
$new_password = generateHash($password_1);
$pass = $new_password;
//Build our query
$sql = ("INSERT INTO members (username, email, password_1) VALUES (?,?,?)");
//Prepare our query
$stmt = $mysqli->prepare($sql) or die("Failed Execution");
//Bind the fields and there paramters to our query
$stmt->bind_param('sss', $username, $email, $new_password);
//Execute the query
$stmt->execute();
echo $stmt->error;
header('Location: http://www.yourschoolsincanada.com/english/register/registration-success/');
exit();
}
LOGIN.PHP
LOGIN.PHP
if(isset($_POST['login'])){
$username = $_POST['username'];
$password_1 = $_POST['password_1'];
$sql = "SELECT member_id, username, password_1 FROM members WHERE username = ? AND password_1 = ? LIMIT 1";
//Prepare our query
if($stmt = $mysqli->prepare($sql)){
//Bind the Parameters to the query
$stmt->bind_param('ss', $username, $password_1);
//Execute the query
$result = $stmt->execute();
/*Store our result to get properties*/
$stmt->store_result();
//Get the number of rows
$num_of_rows = $stmt->num_rows;
//Bind the results of what the query gave us to our three variables
$stmt->bind_result($id, $username, $password_1);
if(crypt($password_1, $pass) == $pass){
echo "Match";
}
else{
echo "Passwords don't match";
}
}
推荐答案
演示
我已经得到以下工作。 HTML表单和PHP都在同一页面内运行。
Working Demo
I've gotten the following to work. The HTML form and PHP all run inside the same page.
<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');
$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME)
OR die("could not connect");
if(isset($_POST['login'])){
$username = htmlentities(trim($_POST['username']));
$username = mysqli_real_escape_string($mysqli, $username);
$password = trim($_POST['password']);
$query = mysqli_query($mysqli, "SELECT username, password_1 FROM members WHERE username = '$username'");
$row = mysqli_fetch_assoc($query);
$numrows = mysqli_num_rows($query);
$dbuser = $row['username'];
$dbpass = $row['password_1'];
$hashed_password = crypt($password, $dbpass);
// var_dump($dbuser); // For testing purposes only, can be removed
echo "<hr>";
// var_dump($dbpass); // For testing purposes only, can be removed
if( ($username == '') || ($password == '') ) {
$error_string = '<font color=red>You have left either the username or password field blank!</font>';
echo $error_string;
}
if ($numrows == 0)
{
$error_string = '<font color=red>No username can be found!</font>';
echo $error_string;
}
else if ($numrows == 1)
{
if ($hashed_password == $dbpass)
{
$error_string = '<font color=red>Details checked out</font>';
echo $error_string;
}
}
else {
$error_string = '<font color=red>There was an error. Please contact an Admin</font>';
echo "SORRY Charlie!";
}
} // brace for isset login
?>
<form action="" method="post">
Username:
<input type="text" name="username">
<br>
Password:
<input type="text" name="password">
<br>
<input type="submit" name="login" value="Submit">
</form>
原始答案
以下内容应该有效,因为我在同一个文件中使用了以下内容 match 。
阅读代码中的意见。
<?php
$password_1 = "1234567890"; // User-entered password
function generateHash($password_1){
if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
$salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
return crypt($password_1, $salt);
}
}
// Remove the echo. For testing purposes only
echo $new_password = generateHash($password_1);
$pass = $new_password;
echo "<br>";
echo $pass;
echo "<hr>";
// Verify that the password matches and use in your login page
// Syntax: if(crypt($password_entered, $password_hash) == $password_hash)
if(crypt($password_1,$pass) == $pass) {
// password is correct
echo "Match.";
}
else {
echo "No match.";
}
EDIT
密码生成器
<?php
$password_1 = "1234567890"; // User-entered generated password
// or from a form
// $password_1 = $_POST['password']; // User-entered generated password
function generateHash($password_1){
if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
$salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
return crypt($password_1, $salt);
}
}
// here you can enter the password into DB
// since we have a successful echo
// Remove the echo. For testing purposes only
echo $new_password = generateHash($password_1);
$pass = $new_password;
echo "<br>";
echo $pass;
echo "<hr>";
登录检查:
$password_1 = $_POST['password']; // User-entered password
// DB codes example:
$query = mysqli_query($con, "SELECT password FROM users WHERE password='".$password_1."'");
// Verify that the password matches and use in your login page
// Syntax: if(crypt($password_entered, $password_hash) == $password_hash)
if(crypt($password_1,$pass) == $pass) {
// password is correct
echo "Match.";
}
else {
echo "No match.";
}
这篇关于使用CRYPT_BLOWFISH后匹配密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文