Java 无法使用哈希密码登录Android应用程序
为了创建一个基于Android的应用程序的登录名,我一直在遵循一个教程,但是在加密密码之后,我无法获得用户身份验证。这几天来,我一直在寻找解决这个问题的办法,但还是没有什么好运气。我希望这是我错过的简单的事情 评论中也有很多人和我在视频6(播放列表中的最后一个视频)上有相同的问题 我们将非常感谢您的支持,并提前向您表示感谢 Register.phpJava 无法使用哈希密码登录Android应用程序,java,php,android,password-encryption,Java,Php,Android,Password Encryption,为了创建一个基于Android的应用程序的登录名,我一直在遵循一个教程,但是在加密密码之后,我无法获得用户身份验证。这几天来,我一直在寻找解决这个问题的办法,但还是没有什么好运气。我希望这是我错过的简单的事情 评论中也有很多人和我在视频6(播放列表中的最后一个视频)上有相同的问题 我们将非常感谢您的支持,并提前向您表示感谢 Register.php <?php require("password.php"); $connect = mysqli_connect("localhost",
<?php
require("password.php");
$connect = mysqli_connect("localhost", "", "", "");
$name = $_POST["name"];
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];
function registerUser() {
global $connect, $name, $username, $email, $password;
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($connect, "INSERT INTO user (name, username, email, password) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "ssss", $name, $username, $email, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
}
function usernameAvailable() {
global $connect, $username;
$statement = mysqli_prepare($connect, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$count = mysqli_stmt_num_rows($statement);
mysqli_stmt_close($statement);
if ($count < 1){
return true;
}else {
return false;
}
}
$response = array();
$response["success"] = false;
if (usernameAvailable()){
registerUser();
$response["success"] = true;
}
print_r(json_encode($response));
Login.php
<?php
require("password.php");
$con = mysqli_connect("localhost", "", "", "");
$username = $_POST["username"];
$password = $_POST["password"];
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $UserID, $Name, $Username, $Email, $PasswordHash);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["name"] = $name;
$response["email"] = $email;
$response["username"] = $username;
$response["password"] = $password;
}
echo json_encode($response);
LoginRequest.java
package com.###########;
import com.android.volley.Response;
import com.android.volley.toolbox.StringRequest;
import java.util.HashMap;
import java.util.Map;
public class LoginRequest extends StringRequest {
private static final String LOGIN_REQUEST_URL = "http://....................../login.php";
private Map < String, String > params;
public LoginRequest(String username, String password, Response.Listener < String > listener) {
super(Method.POST, LOGIN_REQUEST_URL, listener, null);
params = new HashMap < > ();
params.put("username", username);
params.put("password", password);
}
@Override
public Map < String, String > getParams() {
return params;
}
package com.##########;
导入com.android.volley.Response;
导入com.android.volley.toolbox.StringRequest;
导入java.util.HashMap;
导入java.util.Map;
公共类LoginRequest扩展了StringRequest{
私有静态最终字符串登录\u请求\u URL=”http://....................../login.php";
私有映射<字符串,字符串>参数;
公共登录请求(字符串用户名、字符串密码、Response.ListenerListener){
super(Method.POST,LOGIN\u REQUEST\u URL,listener,null);
params=新的HashMap<>();
参数put(“用户名”,用户名);
参数put(“密码”,密码);
}
@凌驾
公共映射getParams(){
返回参数;
}
}
LoginActivity.java
package com.###########;
import android.content.Intent;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.toolbox.Volley;
import org.json.JSONException;
import org.json.JSONObject;
public class LoginActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);
final EditText etUsername = (EditText) findViewById(R.id.etUsername);
final EditText etPassword = (EditText) findViewById(R.id.etPassword);
final Button bLogin = (Button) findViewById(R.id.bLogin);
final TextView registerLink = (TextView) findViewById(R.id.tvRegisterHere);
registerLink.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Intent registerIntent = new Intent(LoginActivity.this, RegisterActivity.class);
LoginActivity.this.startActivity(registerIntent);
}
});
bLogin.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
final String username = etUsername.getText().toString();
final String password = etPassword.getText().toString();
Response.Listener<String> responseListener = new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");
if (success){
String name = jsonResponse.getString("name");
String email = jsonResponse.getString("email");
Intent intent = new Intent(LoginActivity.this, UserAreaActivity.class);
intent.putExtra("name", name);
intent.putExtra("username", username);
intent.putExtra("email", email);
LoginActivity.this.startActivity(intent);
}
else {
AlertDialog.Builder builder = new AlertDialog.Builder(LoginActivity.this);
builder.setMessage("Login Failed")
.setNegativeButton("Retry", null)
.create()
.show();
}
} catch (JSONException e) {
e.printStackTrace();
}
}
};
LoginRequest loginRequest = new LoginRequest(username, password, responseListener);
loginRequest.setShouldCache(false); // Disables Caching for Volley so that multiple login requests can be submitted.
RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
queue.add(loginRequest);
}
});
}
}
package com.##########;
导入android.content.Intent;
导入android.support.v7.app.AlertDialog;
导入android.support.v7.app.AppActivity;
导入android.os.Bundle;
导入android.view.view;
导入android.widget.Button;
导入android.widget.EditText;
导入android.widget.TextView;
导入com.android.volley.RequestQueue;
导入com.android.volley.Response;
导入com.android.volley.toolbox.volley;
导入org.json.JSONException;
导入org.json.JSONObject;
公共类LoginActivity扩展了AppCompatActivity{
@凌驾
创建时受保护的void(Bundle savedInstanceState){
super.onCreate(savedInstanceState);
setContentView(R.layout.activity\u登录);
最终EditText etUsername=(EditText)findViewById(R.id.etUsername);
最终EditText etPassword=(EditText)findViewById(R.id.etPassword);
最终按钮bLogin=(按钮)findViewById(R.id.bLogin);
最终文本视图注册表链接=(文本视图)findViewById(R.id.tvRegisterHere);
registerLink.setOnClickListener(新视图.OnClickListener(){
@凌驾
公共void onClick(视图v){
Intent registerIntent=newintent(LoginActivity.this、RegisterActivity.class);
LoginActivity.this.startActivity(注册内容);
}
});
bLogin.setOnClickListener(新视图.OnClickListener(){
@凌驾
公共void onClick(视图v){
最终字符串username=etUsername.getText().toString();
最终字符串password=etPassword.getText().toString();
Response.Listener responseListener=新的Response.Listener(){
@凌驾
公共void onResponse(字符串响应){
试一试{
JSONObject jsonResponse=新的JSONObject(响应);
boolean success=jsonResponse.getBoolean(“success”);
如果(成功){
String name=jsonResponse.getString(“name”);
String email=jsonResponse.getString(“电子邮件”);
意向意向=新意向(LoginActivity.this、UserAreaActivity.class);
意向。额外(“名称”,名称);
intent.putExtra(“用户名”,用户名);
意向。额外(“电子邮件”,电子邮件);
后勤活动。这。开始行动(意图);
}
否则{
AlertDialog.Builder=新建AlertDialog.Builder(LoginActivity.this);
builder.setMessage(“登录失败”)
.setNegativeButton(“重试”,null)
.create()
.show();
}
}捕获(JSONException e){
e、 printStackTrace();
}
}
};
LoginRequest LoginRequest=新的LoginRequest(用户名、密码、响应侦听器);
loginRequest.setShouldCache(false);//禁用对截取的缓存,以便可以提交多个登录请求。
RequestQueue=Volley.newRequestQueue(LoginActivity.this);
添加(loginRequest);
}
});
}
}
在login.php中,您应该更改以下内容:
//$passwordHash = password_hash($password, PASSWORD_DEFAULT); remove
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
每次对密码进行散列时,它都会创建一个唯一的散列(因为每次运行函数时都会生成一个randonly salt),因此当您登录并进行散列时,您将永远无法获得匹配项。你应该改用
从查询中检索密码后,您可以验证:
password_verify($password, $response['password']);
每次对密码进行散列时,它都会创建一个唯一的散列,因此当您登录并进行散列时,您将永远无法获得匹配项。您应该按照规定使用password\u verify()
。你好,杰,非常感谢您的回复!我将在哪里放置密码验证($password,$response['password']);在我的login.php文件中?我曾尝试在一些地方添加它,但当我运行应用程序时,只要用户在数据库中注册,任何密码都会让他们登录。你能告诉我哪里仍然出错吗?你好,杰,我仍然不知道如何使用密码验证。你能告诉我为了实施它我需要做什么吗?再次感谢您,非常感谢您的帮助!阅读