Php 将发布的密码与MySQL存储的加密密码进行比较
我的SQL表:Php 将发布的密码与MySQL存储的加密密码进行比较,php,mysql,mysqli,Php,Mysql,Mysqli,我的SQL表: |-ID-|-Username-|-EmailAddress-|-ePassword-|-Permissions-| ---------------------------------------------------------- | 1 | Admin | | | | | 2 | Foo|<emailaddress>|<cpassword>| <def
|-ID-|-Username-|-EmailAddress-|-ePassword-|-Permissions-|
----------------------------------------------------------
| 1 | Admin | | | |
| 2 | Foo|<emailaddress>|<cpassword>| <default 1>|
| | | | | |
| | | | | |
要比较密码,我的密码是:
if (hash_equals($hashed_password, crypt($password, $hashed_password)) { //changed $user_input to password
echo "Password verified!";
}
但我如何从数据库中获取ePassword并进行比较呢
//User data
$username = strtolower($_POST['username']);
$password = $_POST['password'];
//login check
if($_SESSION['loggedIn'] != "") {
echo 'You already are using an Account!';
} else if($_SESSION['loggedIn'] == "") {
//connect to database
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
//check for connection errors
if (!$con) {
die('Could not connect: ' . mysql_error());
};
//checks for username
$stmt = $con->prepare("SELECT * FROM Users WHERE Username=?");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$userCheck = $stmt->num_rows;
if($userCheck > 0) {
//Password check goes here
} else {
};
$con->close();
};
TL;DR:我想将$password与来自我的数据库的ePassword与crypt进行比较,我该怎么做?我认为您需要加密用户密码$\u POST['password']并与来自您数据库的ePassword进行比较ePassword是使用crypt加密的-crypt不会输出相同的内容两次。注册用户时,您可以使用salt生成ePassword并将其插入数据库。现在,当用户登录时,应该使用相同的salt来获取输入密码的加密值。然后,只有您可以根据您的实现比较密码。
// username and password sent from Form
$username=$_POST['username'];
$password=$_POST['password'];
$password=crypt($password,saltUsedWhileRegisteringUser); // Encrypted Password
//Assuming ePassword is the crypted password inserted into DB while User Registeration
$sql="SELECT id FROM admin WHERE username='$username' and ePassword ='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);//If count > 1 then valid user else not a valid one.
// username and password sent from Form
$username=$_POST['username'];
$password=$_POST['password'];
$password=crypt($password,saltUsedWhileRegisteringUser); // Encrypted Password
//Assuming ePassword is the crypted password inserted into DB while User Registeration
$sql="SELECT id FROM admin WHERE username='$username' and ePassword ='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);//If count > 1 then valid user else not a valid one.
if($userCheck > 0) {
//Password check goes here
$stmt->bind_result($id, $username,$emailAddress,$ePassword,$permissions);
$password = crypt($password,'the same salt used to create ePassword. without it the string will be always random');
if (hash_equals($password,$ePassword) {
echo 'user logged in';
else
echo 'invalid password';
}
}