PHP salt和hash SHA256用于登录密码 [英] PHP salt and hash SHA256 for login password

问题描述

我在注册脚本中对密码进行了加密，并将它们存储在数据库中，我必须使用它们进行登录，所以我想使用未加密的密码登录。我已阅读了这里的一些主题，但没有任何帮助。我如何将它添加到我的login.php中？盐也存储在数据库中。

I've made encrypting of the password in my register script and they are stored in the database, and I have to use them to login, so I would want to use the unencrypted ones to login. I've read some of the threads in here but nothing is helping me. How can I add it in my login.php? The salt is also stored in the database.

这是我的register.php脚本，用于加密

This is my register.php script for encrypting

$hash = hash('sha256', $password1);

function createSalt()
{
    $text = md5(uniqid(rand(), TRUE));
    return substr($text, 0, 3);
}

$salt = createSalt();
$password = hash('sha256', $salt . $hash);

这是我的login.php，带有季节

and this is my login.php with season

//Create query
$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];
        session_write_close();
        header("location: profile.php");
        exit();
    }
    else {
        //Login failed
        //error message 
    }
else {
    die("Query failed");
}

推荐答案

净。感谢你，我也刚刚了解到了新的PHP哈希函数。

These examples are from php.net. Thanks to you, I also just learned about the new php hashing functions.

阅读php文档以了解可能性和最佳实践：
http://www.php.net/manual/en/function.password-hash.php

Read the php documentation to find out about the possibilities and best practices: http://www.php.net/manual/en/function.password-hash.php

保存密码哈希：

Save a password hash:

$options = [
    'cost' => 11,
];
// Get the password from post
$passwordFromPost = $_POST['password'];

$hash = password_hash($passwordFromPost, PASSWORD_BCRYPT, $options);

// Now insert it (with login or whatever) into your database, use mysqli or pdo!

获取密码哈希：

// Get the password from the database and compare it to a variable (for example post)
$passwordFromPost = $_POST['password'];
$hashedPasswordFromDB = ...;

if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

这篇关于PHP salt和hash SHA256用于登录密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！