无法使用准备好的语句从数据库中提取密码哈希 [英] Unable to extract password hash from database with prepared statements
问题描述
澄清一下,我无法使用准备好的语句从我的数据库中提取散列密码.
To clarify, I am unable to extract the hashed password from my database using prepared statements.
我正在尝试创建一个使用准备好的语句、password_hash 和 password_verify 的登录系统.
I'm trying to create a login system that uses prepared statements, password_hash and password_verify.
我已经创建了用于创建用户的注册表单,使用 password_hash($_POST['password'], PASSWORD_DEFAULT);
I have created the registering form that creates the user, with the hashed password using password_hash($_POST['password'], PASSWORD_DEFAULT);
这可以正常工作.
但是,我现在坚持创建登录表单.
However, I am now stuck on creating the login form.
我正在尝试获取在用户注册时存储的密码哈希,但我无法让它与准备好的语句一起使用.
I am trying to get the password hash that gets stored when a user registers but I cannot get it to work with prepared statements.
这是我目前拥有的.
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
}
}
?>
如何使用从选择查询中获得的数据?以及如何使用它来验证密码?
How do I use the data that I got from the select query? And how do I use it to verify the password?
我试过了:
$stmt->store_result();
$stmt->bind_result($loginUsername, $hash);
那只存储了用户名,但没有存储密码哈希,我不知道为什么.
That only stored the username, but not the password hash and I have no clue why.
验证密码会用到这个吗?password_verify($password, $hash);
Verifying the password would use this?
password_verify($password, $hash);
更新
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
// Get query results
$result = $stmt->get_result();
// Fetch the query results in a row
while($row = $result->fetch_assoc()) {
$hash = $row['user_password'];
$username = $row['user_name'];
}
// Verify user's password $password being input and $hash being the stored hash
if(password_verify($password, $hash)) {
// Password is correct
} else {
// Password is incorrect
}
}
}
?>
推荐答案
阅读此内容 PHP 手册.试试这个:
Read this PHP MANUAL.Try this:
<?php
require('db.php');
if(isset($_POST['submit'])) {
$stmt = $connect->prepare('SELECT user_name, user_password FROM `users` WHERE user_name = ?');
if($stmt) {
$username = $_POST['username'];
$password = $_POST['password'];
$stmt->bind_param('s', $username);
$stmt->execute();
// Get query results
$stmt->bind_result($user_name,$hash);
$stmt->store_result();
// Fetch the query results in a row
$stmt->fetch();
// Verify user's password $password being input and $hash being the stored hash
if(password_verify($password, $hash)) {
// Password is correct
} else {
// Password is incorrect
}
}
}
?>
这是我创建登录系统的方式:
This is how I created my login system:
$stmt = mysqli_prepare($link,"SELECT user_email,user_password,user_firstname,user_lastname,user_role,username FROM users WHERE user_email=?");
mysqli_stmt_bind_param($stmt,"s",$email);
mysqli_stmt_execute($stmt);
confirmQuery($stmt);
mysqli_stmt_bind_result($stmt,$user_email,$user_password,$user_firstname,$user_lastname,$user_role,$username);
mysqli_stmt_store_result($stmt);
mysqli_stmt_fetch($stmt);
if(mysqli_stmt_num_rows($stmt) == 0)
relocate("../index.php?auth_error=l1");
else{
if(password_verify($password,$user_password)){
$_SESSION['userid'] = $user_email;
$_SESSION['username'] = $username;
$_SESSION['firstname'] = $user_firstname;
$_SESSION['lastname'] = $user_lastname;
$_SESSION['role'] = $user_role;
if(isset($_POST['stay-logged-in']))
setcookie("userid", $email, time() + (86400 * 30), "/");
relocate("../index.php?auth_success=1");
}else
relocate("../index.php?auth_error=l2");
}
mysqli_stmt_close($stmt);
这篇关于无法使用准备好的语句从数据库中提取密码哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
