了解Websecurity.PHP登录 [英] Understanding Websecurity.Login in PHP
问题描述
实际上,我正在使用SQL数据库开发php网站,并且在数据库中我已经加密了密码,旧开发人员正在使用ASP.net构建现有网站,并且我注意到他正在使用Websecurity.login(用户名,密码,记住) ;在他的asp编码中,所以问题出在php中,如何在检入数据库之前对密码进行加密?因为例如密码是123456,并且在数据库中存储的内容类似:
Actually I am using SQL database to develop a php website and in the database I have encrypted password the old developer was using ASP.net to build the existing website and I notice he using Websecurity.login(username, password, remember); in his asp coding so the question is in php how should I encrypt password before checking in the database ? because for example the password is 123456 and in the database it's stored something like:
APIRqglSo1JVsMAa0SV +/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3 + u8qdsyakDvsUAA ==
APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==
我在php中尝试了哈希:
I tried hash in php:
$password = '123456';
echo $hashed_password = password_hash($password, PASSWORD_DEFAULT);
,但是输出与我在SQL数据库中具有的密码不匹配,我的意思是: APIRqglSo1JVsMAa0SV +/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3 + u8qdsyakDvsUAA ==
but the output is not matched with the password I have in SQL database I mean with: APIRqglSo1JVsMAa0SV+/bizLKwpLgSAdkIc5RAEyHYgIrGPHy3+u8qdsyakDvsUAA==
任何想法我应该如何将密码加密成与数据库中相同的密码,以便我可以使用php登录.
Any idea how should I encrypt password into order to make it same like in database so I can make login using php.
推荐答案
您可以确定,如果使用php password_hash
函数,输出将不会始终相同.只需重新加载站点几次,您就会发现,通过password_hash
生成的密码每次都会更改.
You can be sure, that if you use php password_hash
function, the output will not always be the same. Just reload the site a couple of times and you will see, that the generated password via password_hash
will change most likely every time.
转到文档: https://www.php. net/manual/en/function.password-hash.php
对于我来说,存储的密码看起来像是一些Base64,但我只是在假设.
The stored password looks like some Base64 to me - but i am just assuming.
为了以后再检查密码,请使用password_verify
-> https://www.php.net/manual/en/function. password-verify.php
In order to check the password later, you use password_verify
-> https://www.php.net/manual/en/function.password-verify.php
password_verify
要求用户输入-密码以及数据库中的加密密码.请记住:如果您查看加密的字符串,它们将不完全相同!
The password_verify
requires the users input - the password, as well as the encrypted password in the database. Please keep in mind: They will not be the exactly same, if you look on the encrypted strings!
正常程序是:
- 用户使用用户名/密码组合创建一个帐户
- 您将用户和
password_hash
存储在数据库中 - 当用户尝试登录时,您通过输入的用户名选择用户
- 通过
password_verify
,通过绕过登录名中输入的原始密码以及存储的数据库密码,检查该函数的返回值是否为真.
- The user creates an account with a user / password combination
- You store the user and the
password_hash
in the database - When the user tries to login, you select the user by the entered username
- You check via
password_verify
if the return value of that function is true, by bypassing the original entered password in the login, as well as the stored database password.
这篇关于了解Websecurity.PHP登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!