了解Websecurity.PHP登录 [英] Understanding Websecurity.Login in PHP

问题描述

实际上，我正在使用SQL数据库开发php网站，并且在数据库中我已经加密了密码，旧开发人员正在使用ASP.net构建现有网站，并且我注意到他正在使用Websecurity.login(用户名，密码，记住) ;在他的asp编码中，所以问题出在php中，如何在检入数据库之前对密码进行加密?因为例如密码是123456，并且在数据库中存储的内容类似:

Actually I am using SQL database to develop a php website and in the database I have encrypted password the old developer was using ASP.net to build the existing website and I notice he using Websecurity.login(username, password, remember); in his asp coding so the question is in php how should I encrypt password before checking in the database ? because for example the password is 123456 and in the database it's stored something like:

APIRqglSo1JVsMAa0SV +/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3 + u8qdsyakDvsUAA ==

APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==

我在php中尝试了哈希:

I tried hash in php:

$password = '123456';

echo $hashed_password = password_hash($password, PASSWORD_DEFAULT);

，但是输出与我在SQL数据库中具有的密码不匹配，我的意思是: APIRqglSo1JVsMAa0SV +/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3 + u8qdsyakDvsUAA ==

but the output is not matched with the password I have in SQL database I mean with: APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==

任何想法我应该如何将密码加密成与数据库中相同的密码，以便我可以使用php登录.

Any idea how should I encrypt password into order to make it same like in database so I can make login using php.

推荐答案

您可以确定，如果使用php password_hash函数，输出将不会始终相同.只需重新加载站点几次，您就会发现，通过password_hash生成的密码每次都会更改.

You can be sure, that if you use php password_hash function, the output will not always be the same. Just reload the site a couple of times and you will see, that the generated password via password_hash will change most likely every time.

转到文档: https://www.php. net/manual/en/function.password-hash.php

对于我来说，存储的密码看起来像是一些Base64，但我只是在假设.

The stored password looks like some Base64 to me - but i am just assuming.

为了以后再检查密码，请使用password_verify-> https://www.php.net/manual/en/function. password-verify.php

In order to check the password later, you use password_verify -> https://www.php.net/manual/en/function.password-verify.php

password_verify要求用户输入-密码以及数据库中的加密密码.请记住:如果您查看加密的字符串，它们将不完全相同！

The password_verify requires the users input - the password, as well as the encrypted password in the database. Please keep in mind: They will not be the exactly same, if you look on the encrypted strings!

正常程序是:

• 用户使用用户名/密码组合创建一个帐户
• 您将用户和password_hash存储在数据库中
• 当用户尝试登录时，您通过输入的用户名选择用户
• 通过password_verify，通过绕过登录名中输入的原始密码以及存储的数据库密码，检查该函数的返回值是否为真.

• The user creates an account with a user / password combination
• You store the user and the password_hash in the database
• When the user tries to login, you select the user by the entered username
• You check via password_verify if the return value of that function is true, by bypassing the original entered password in the login, as well as the stored database password.

这篇关于了解Websecurity.PHP登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！