使用PHP比较MySql密码()
我发现这篇文章很有帮助,但我在应用上面提供的解决方案解决我的问题时遇到了困难 使用使用PHP比较MySql密码(),php,mysql,passwords,Php,Mysql,Passwords,我发现这篇文章很有帮助,但我在应用上面提供的解决方案解决我的问题时遇到了困难 使用password()将密码存储在Mysql中。我想调整此脚本,将输入的密码与存储在数据库中的密码进行比较,而不是使用“crypt()”函数 public function authenticate($user,$pass) { $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB); if ($mysqli->connect_errn
password() public function authenticate($user,$pass) {
$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
if ($mysqli->connect_errno) {
error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
return false;
}
$safeUser = $mysqli->real_escape_string($user);
$incomingPassword = $mysqli->real_escape_string($pass);
$query = "SELECT * from users WHERE username ='{$safeUser}'";
if (!$result = $mysqli->query($query)) {
error_log("Cannot retrieve account for {$user}");
return false;
}
// Will be only one row, so no while() loop needed
$row = $result->fetch_assoc();
$dbPassword = $row['password'];
if (crypt($incomingPassword,$dbPassword) != $dbPassword) {
error_log("Passwords for {$user} don't match");
return false;
}
$this->id = $row['id'];
$this->firstName = $row['first_name'];
$this->lastName = $row['last_name'];
$this->username = $row['username'];
$this->email = $row['email'];
$this->dateJoin = $row['dateJoin'];
$this->school = $row['school'];
$this->level = $row['level'];
$this->isLoggedIn = true;
$this->_setSession();
return true;
} //end function authenticate
AND `password` = PASSWORD('{$incomingPassword}')
对我的问题?这似乎有点笨拙。你真的确定使用MySql
Password()如果您对有关此主题的更深入信息感兴趣,可以查看我的关于安全存储密码的说明。您需要使用准备好的/参数化的查询。否则,您将很容易受到SQL注入攻击,当人们使用撇号时,您的代码会随机失败。
real\u escape\u stringcryptpasswordpassword// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_BCRYPT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);