Fatal编程技术网
  • php/
  • bCrypt从数据库获取密码(PDO、PHP)

bCrypt从数据库获取密码(PDO、PHP)

php mysql

bCrypt从数据库获取密码(PDO、PHP),php,mysql,pdo,bcrypt,Php,Mysql,Pdo,Bcrypt,我目前正在从md5切换到bcrypt,并且我能够使用以下代码将bcrypt设置到数据库中 public function User_Registration($_iPassword, $_iEmail, $_iUsername) { $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email"); $sth->exec

我目前正在从md5切换到bcrypt,并且我能够使用以下代码将bcrypt设置到数据库中

    public function User_Registration($_iPassword, $_iEmail, $_iUsername) {

    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email");
    $sth->execute(array(':username' => $_iUsername, ':email'    => $_iEmail ));

    $row = $sth->fetch(PDO::FETCH_ASSOC);
    $_iD = $row['_iD'];

    if ($sth->rowCount() == 0) {        

        $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);   // create a random salt 
        $hash = crypt($_iPassword, '$2a$12$' . $salt);  // hash incoming password - this works on PHP 5.3 and up

        $sth = $this->db->prepare("INSERT INTO users(_iPassword,_iEmail,_iUsername) VALUES ( :hash_pass, :email, :username)");
        $sth->bindValue(":hash_pass", $hash);
        $sth->bindValue(":email", $_iEmail);
        $sth->bindValue(":username", $_iUsername);
        $sth->execute();

        $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username");
        $sth->execute(array(':username' => $_iUsername));

        $me = "me";
        $sth = $this->db->prepare("INSERT INTO friends (friend_one,friend_two,role) VALUES ( :uid, :uid1, :me )");
        $sth->bindValue(":uid",     $row['_iD']);
        $sth->bindValue(":uid1",    $row['_iD']);
        $sth->bindValue(":me",      $me);
        $sth->execute();
    } else {
        return false;
    }
}
但是我无法从数据库中取回数据,我目前正在使用以下代码取回用户登录信息:

    public function User_Login($_iUsername,$_iPassword) {
    $md5_password = crypt($_iPassword);

    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iPassword = :password AND _iStatus='1'");
    $sth->bindValue(":username", $_iUsername);
    $sth->bindValue(":password", $md5_password);
    $sth->execute();

    if ($sth->rowCount() == 1) {
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        return $row['_iD'];
    } else {
        return false;
    }
}
从MySQL获取哈希密码的正确方法是什么。。任何建议都将不胜感激

为了将来的支持,我返回了加密的哈希值和以下代码。

    public function User_Login($_iUsername, $_iPassword) {
    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iStatus='1'");
    $sth->bindValue(":username", $_iUsername);
    $sth->execute();

    if ($sth->rowCount() == 1) {
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        return $row['_iD'];
    } else {
        return false;
    }

    $sth = $query->fetch();
    if (crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
            header("location:index.php");  
        return $sth;
    }
    return false;
}
是的,完美而简短。。是时候阅读和理解它的工作原理了。我发现唯一棘手的部分是
($row&&…
在$row为空时防止通知。因此它首先检查$row。如果是FALSE,它将不会执行以下语句。其余对我来说非常明显,但可以自由地询问您发现unclearThat是我唯一不懂的部分,但添加else statem不是更好吗ent在返回行后返回false?这将是无用的。不返回表示返回为空-与false相同。 
public function User_Login($_iUsername, $_iPassword) {
    $sql = "SELECT _iD, _iPassword FROM users WHERE _iUsername = ? AND _iStatus=1";
    $sth = $this->db->prepare($sql);
    $sth->execute(array($_iUsername));
    $row = $sth->fetch();
    if ($row && crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
        return $row['_iD'];
    }
}