Php 如何从mysql数据库验证用户密码
我在mySQL数据库中验证用户密码时遇到问题。 首先,我散列我的密码并将其写入数据库: 首先,我的寄存器处理程序:Php 如何从mysql数据库验证用户密码,php,mysql,hash,verifyerror,Php,Mysql,Hash,Verifyerror,我在mySQL数据库中验证用户密码时遇到问题。 首先,我散列我的密码并将其写入数据库: 首先,我的寄存器处理程序: class RegisterHandler { /** * @var RegisterQuery * */ private $register; /** * @var HashPassword * */ private $HashPassword; /** * @va
class RegisterHandler
{
/**
* @var RegisterQuery
*
*/
private $register;
/**
* @var HashPassword
*
*/
private $HashPassword;
/**
* @var string
*
*/
private $getUsername;
/**
* @var string
*
*/
private $username;
public function __construct()
{
$this->username = $_POST['username'];
$this->register = new RegisterQuery;
$this->checkUsername = new SelectUsernameQuery;
$this->HashPassword = new HashPassword($_POST['password']);
}
public function execute()
{
$hashedPassword = $this->HashPassword->getHashedPassword();
$salt = $this->HashPassword->getSalt();
$dbUser = $this->checkUsername->execute($this->username);
$dbUser->bindValue( 1, $this->username);
$dbUser->execute();
if( !$dbUser->rowCount() == 0 ) { # If rows are found for query
echo "Username found";
return;
}
$this->register->execute($this->username, $hashedPassword, $salt, $_POST['name']);
}
}
您可以看到我在execute函数中使用以下代码散列我的密码:(忘记salt,我不再使用它)
对密码进行散列后,我将散列写入de DB
现在是我的问题:
如何从DB获取密码以进行验证
我试过:
class LoginHandler
{
private $databaseWrapper;
/**
* @var SelectUsernameQuery
*
*/
private $checkUsername;
private $checkPassword;
/**
* @var string
*
*/
private $enteredUsername;
/**
* @var string
*
*/
private $enteredPassword;
/**
* @var HashPassword
*
*/
private $passwordHasher;
public function __construct()
{
$this->databaseWrapper = new DatabaseWrapper;
$this->checkUsername = new SelectUsernameQuery;
$this->checkPassword = new SelectPasswordQuery;
$this->enteredUsername = $_POST['username'];
$this->passwordHasher = new HashPassword($this->enteredPassword);
}
private function createSessionName()
{
$_SESSION['name'] = $this->enteredUsername;
}
public function execute()
{
$this->verifyUser();
}
private function verifyUser()
{
$this->enteredPassword = $_POST['password'];
$userDBHash = $this->checkPassword->execute($this->enteredUsername);
$userDBHash->execute();
if(password_verify($this->enteredPassword, $userDBHash))
{
echo 'password is valid';
}
$dbUsername = $this->checkUsername->execute($this->enteredUsername);
$dbUsername->bindValue( 1, $this->enteredUsername);
$dbUsername->execute();
if( !$dbUsername->rowCount() == 0 ) { # If rows are found for query
echo 'Username: '."$this->enteredUsername".' was found!';
$this->createSessionName();
return;
}
echo 'Ups, This Username: '."$this->enteredUsername".' was not found!'; }
}
}
在verifyUser类中,我将输入的密码写入变量中
之后,我通过以下查询从数据库中获取$userDBHash中的哈希值:
private function getUsername($username)
{
return $this->databaseWrapper->getPDO()->prepare(
"SELECT password FROM users WHERE username = '$username'");
}
之后,我尝试验证密码($this->enteredPassword,$userDBHash)
但我得到了以下错误:
Warning: password_verify() expects parameter 2 to be string, object given in /var/www/c2b/src/Handlers/LoginHandler.php on line 72
您的问题似乎是,如何从数据库中获取密码哈希。我在脑海中做了一个简单的例子(未经测试),但它应该能让你开始
private function getPasswordHashFromDatabase($username)
{
$pdo = $this->databaseWrapper->getPDO();
$stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
$stmt->bindParam(1, $username);
if ($stmt->execute())
{
if ($row = $stmt->fetch())
{
return $row[0];
}
}
return '';
}
请注意select语句中的
?
,使用准备好的语句可以保护应用程序免受SQL注入。那么,$this->enteredPassword
和$userDBHash
包含哪些内容?其中一个不是字符串,而是其他内容。$enteredPassword包含由$\u POST调用的密码,$userDBHash包含数据库中密码的哈希。所以它是一个数组,对吗?如何转换它?我不知道$userDBHash
包含什么,因为设置它的代码不可见,但是,错误消息非常清楚地表明它不是字符串,而是对象。从您的代码中,我假设它可能是一个PDO语句:$userDBHash->execute()
该函数不返回哈希,而是返回PDO语句。该函数也不会从您发布的代码中的任何地方调用。此外,它的名称令人困惑-getUsername
,但可能它应该返回特定用户的哈希密码?**编辑它非常有效!首先我失败了。。我从来没有为密码发过$u帖子。。现在它工作了:)非常感谢!
private function getPasswordHashFromDatabase($username)
{
$pdo = $this->databaseWrapper->getPDO();
$stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
$stmt->bindParam(1, $username);
if ($stmt->execute())
{
if ($row = $stmt->fetch())
{
return $row[0];
}
}
return '';
}