比较/检查来自mysqli数据库[hash_hmac]的密码是否正确 [英] Comparing/check if correct Password from mysqli database [hash_hmac]
本文介绍了比较/检查来自mysqli数据库[hash_hmac]的密码是否正确的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用:
$password = hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
在注册时将密码存储并加密到数据库中.
to store and encrypt the password into database on registration.
对于登录:我需要比较密码,该怎么做?
For login: I need to compare password, how do I do that ?
这是我的完整代码:
<?php
session_start();
$mysqli = mysqli_connect("localhost", "", "", "");
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"])){
if(empty($_POST["emailadd"]) || empty($_POST["password"])){
$error = "Both fields are required.";
}
else {
// Define $emailadd and $password
$emailadd=$_POST['emailadd'];
$password=$_POST['password'];
// To protect from MySQL injection
$emailadd = stripslashes($emailadd);
$password = stripslashes($password);
$emailadd = mysqli_real_escape_string($mysqli, $emailadd);
$password = mysqli_real_escape_string($mysqli, $password);
$password = hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
//Check username and password from database
$sql="SELECT * FROM member WHERE emailadd='$emailadd'";
$result=mysqli_query($mysqli,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1 and $password == hash_hmac('sha512', 'salt' . $_REQUEST['password'], $_SERVER['site_key'] )){
$_SESSION['emailadd'] = $login_user; // Initializing Session
header("location: pages/dashboard.html"); // Redirecting To Other Page
}else{
$error = "Incorrect email address or password.";
}
}
}
?>
我似乎无法正确解决,请有人劝我,谢谢
I just can't seem to get it right, could someone advice me please,Thanks
推荐答案
只需对用户登录时输入的密码进行哈希处理,就像注册时对哈希输入的密码进行哈希处理一样,然后从数据库中获取加密的密码并进行比较
Just hash the password the user types in when they login the same way you hash it when they register, then get the encrypted password from the database and compare them
$hashPass=hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
$query='SELECT password FROM yourtablename WHERE user=$user';
$getPass1=mysqli_query($link, $query);
$getPass2=mysqli_fetch_row($getPass1);
$getPass=$getPass2[0];
if($hashPass==$getPass){
// yay password is right
};
这篇关于比较/检查来自mysqli数据库[hash_hmac]的密码是否正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
