问题描述
我进入php并制作了一个登录脚本,但一切正常,但我在signup.php中的Bcrypt中对密码进行了哈希处理,因此我在输入密码时遇到问题使其与之匹配,因此我研究了VERIFY_PASSWORD,但如何在自己的脚本上实现该密码?澄清我是否只是将表中的哈希值复制为密码,但可以,但我希望它能正常输入_POST密码,欢迎输入ani
Im into php and making a login script everything works butI hashed the passwords in Bcrypt in the signup.php, so im having problem input password make it match so i researched VERIFY_PASSWORD but how i implement it on my own script?to clarify if i just copy the hash from table as password it works but i want it to work normal input _POST password,ani input is welcome
login.php
login.php
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
require 'database.php';
$username = $_POST["username"];
$password = $_POST["password"];
$sql = "SELECT * FROM table2 WHERE username = '".$username."' AND password = '$password'";
$result = $conn->query($sql);
$result->execute();
$count = $result->fetchcolumn();
var_dump($result);///if($result === FALSE) {
if($count == 1 ){
echo"login";
header("location:login4.php");
} else { var_dump($count);
echo"logout";
} // die(mysql_error()); // TODO: better error handling
///}
///while($row = mysql_fetch_array($result))
///{
/// echo $row['username'];
///}
///if(!$row = mysqli_fetch_assoc($result)) {
/// echo "dd";
//else {
// echo "logged in";
?>
<html>
<form action="login3.php" method="post">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit" name="submit">login</button>
</html>
推荐答案
首先,您只需要使用"WHERE username =".进行请求时,您无需检查密码.
First of all, you only have to use "WHERE username =". You don't have to check the password when you do the request.
第二,您必须验证密码.
Secondly, you have to verify the password.
最后,您还应该使用准备好的语句,这更安全.
Finally, you should also used prepared statements, it's more secure.
因此,您的代码应如下所示(提供的代码可能无法按原样使用,但您可以对其进行调整以获取所需的结果,并阅读文档以了解准备好的语句以及password_verify的工作原理):
So, your code should look like this (the code provided may not be usable as is but you can tweak it to get the result that you want and read the doc to understand prepared statements and how password_verify works):
$sql = "SELECT * FROM table2 WHERE username = :username";
$request = $conn->prepare($sql);
$request->execute([":username" => $_POST["username"]]);
$user = $request->fetchAll()[0];
if(password_verify($_POST["password"], $user->password)){
//user is logged in
}else{
//password is wrong
}
这篇关于你好,世界!实现password_verify的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!