哈希和password_verify [英] Hashing and password_verify

查看:148
本文介绍了哈希和password_verify的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在处理我的小型PHP项目,我正在尝试在注册时实现哈希,并且当用户想要登录时我需要验证我的哈希密码。我尝试了很多,但是我并没有真正了解我可以在我的代码中使用password_verify函数。

在我的registration.php中,我有一个代码: 

  $ username = $ _POST ['username']; 
 $ password = password_hash($ _ POST ['password'],PASSWORD_DEFAULT); 
 $ email = $ _POST ['email'];

我的login.php文件如下所示:

  $ username = $ _POST ['username']; 
 $ password = $ _POST ['password']; 
 
 $ username = htmlentities($ username,ENT_QUOTES,utf-8); 
 $ password = htmlentities($ password,ENT_QUOTES,utf-8); 
 
 if($ result = @ $ connect_db-> query(sprintf(SELECT * FROM users WHERE username ='%s'AND password ='%s',
 mysqli_real_escape_string $ connect_db,$ username),
 mysqli_real_escape_string($ connect_db,$ password)))
){
 $ amount = $ result-> num_rows; 
 if($ amount> 0){
 $ _SESSION ['logged_in'] = true; 
 
 $ row = $ result-> fetch_assoc(); 
 $ _SESSION ['user_id'] = $ row ['user_id']; 
 $ _SESSION ['username'] = $ row ['username']; 
 $ _SESSION ['输入代码hereemail'] = $ row ['email']; 
 $ _SESSION ['admin'] = $ row ['admin']; 
 
 unset($ _ SESSION ['error']); 
 $ result-> free_result(); 
 header('Location:dictionary.php'); 
} else {
 $ _SESSION ['error'] ='< p class =error_m>无效的用户名或密码!< / p>'; 
 header('Location:index.php'); 
 
 
 $ / code $ / pre 
 
我的问题是关于如何在我的密码中使用password_verify函数login.php文件?
解决方案
您不会散列用户输入到表单中的密码,而是在用户输入密码时实际上是注册到你的网站上。
 
 $ $ p $ code $ password = filter_var($ _ POST ['aPass'],FILTER_SANITIZE_STRING); 
 $ newPassword = password_hash($ password,PASSWORD_DEFAULT); 
 //将$ newPassword输入到数据库中。

对于登录过程以及如何使用password_verify函数 

  $ username = filter_var($ _ POST ['username'],FILTER_SANITIZE_STRING); 
 $ password = filter_var($ _ POST ['password'],FILTER_SANITIZE_STRING); 
 //我假设已经建立了与数据库的连接
 $ check = mysqli_query($ con,SELECT passwordtable FROM tablename WHERE usertable = $ username); 
 if(mysqli_num_rows($ check)=== 1){
 //获取关联数据,会跳过
 //因为数据已经被获取,我们现在可以使用password_verify函数,假设您将获取的数据保存在一个名为$ dbPass 
 
的变量中if(password_verify($ password,$ dbPass)){
 //该函数需要两个参数,第一个参数第二个来自数据库
 header('Location:dictionary.php')的散列密码; 
 exit(); 
} else {
 echo'密码无效'; 
} 
 
}

你还应该看看mysqli的准备情况报表


I'm working with my little PHP project and I'm trying to implement hashing on registration and I need to verify my hashed password when user want to log in. I tried a lot but I don't really get how I could use password_verify function in my code.

In my registration.php I have a code:

$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = $_POST['email'];

My login.php file looks like this:

$username = $_POST['username'];
        $password = $_POST['password'];

        $username = htmlentities($username, ENT_QUOTES, "utf-8");
        $password = htmlentities($password, ENT_QUOTES, "utf-8");

            if ($result = @$connect_db->query(sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
                mysqli_real_escape_string($connect_db, $username),
                mysqli_real_escape_string($connect_db, $password)))
            ) {
                $amount = $result->num_rows;
                if ($amount > 0) {
                    $_SESSION['logged_in'] = true;

                    $row = $result->fetch_assoc();
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['enter code hereemail'] = $row['email'];
                    $_SESSION['admin'] = $row['admin'];

                    unset($_SESSION['error']);
                    $result->free_result();
                    header('Location: dictionary.php');
                } else {
                    $_SESSION['error'] = '<p class="error_m">Invalid username or password!</p>';
                    header('Location: index.php');
                }
            }

My question is about how to use password_verify function in my login.php file?

解决方案

you do not hash the password the user types into the form rather you hash the password when the user is actually registering into your site 

$password = filter_var($_POST['aPass'] , FILTER_SANITIZE_STRING) ;
$newPassword = password_hash($password , PASSWORD_DEFAULT);
// input $newPassword into the database.

For the login process and how to use the password_verify function

$username = filter_var($_POST['username'] , FILTER_SANITIZE_STRING);
    $password = filter_var($_POST['password'],FILTER_SANITIZE_STRING);
// i assume the connection to the database has been established already
$check =  mysqli_query($con , "SELECT passwordtable FROM tablename WHERE usertable=$username") ;
if(mysqli_num_rows($check) === 1){
//fetch the assoc data,would skip that
//since the data has been fetched,we can now use the password_verify function,assuming you saved the fetched data in a variable called $dbPass

if(password_verify($password , $dbPass)){
 //the function takes in two parameters, the first being the inputted pass from your form and the second the hashed password from the database
  header('Location: dictionary.php');
  exit();
} else {
 echo 'Invalid password' ;
}

}

You should also look at mysqli prepared statements

这篇关于哈希和password_verify的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆