bCrypt从数据库获取密码(PDO、PHP)
我目前正在从md5切换到bcrypt,并且我能够使用以下代码将bcrypt设置到数据库中bCrypt从数据库获取密码(PDO、PHP),php,mysql,pdo,bcrypt,Php,Mysql,Pdo,Bcrypt,我目前正在从md5切换到bcrypt,并且我能够使用以下代码将bcrypt设置到数据库中 public function User_Registration($_iPassword, $_iEmail, $_iUsername) { $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email"); $sth->exec
public function User_Registration($_iPassword, $_iEmail, $_iUsername) {
$sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email");
$sth->execute(array(':username' => $_iUsername, ':email' => $_iEmail ));
$row = $sth->fetch(PDO::FETCH_ASSOC);
$_iD = $row['_iD'];
if ($sth->rowCount() == 0) {
$salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22); // create a random salt
$hash = crypt($_iPassword, '$2a$12$' . $salt); // hash incoming password - this works on PHP 5.3 and up
$sth = $this->db->prepare("INSERT INTO users(_iPassword,_iEmail,_iUsername) VALUES ( :hash_pass, :email, :username)");
$sth->bindValue(":hash_pass", $hash);
$sth->bindValue(":email", $_iEmail);
$sth->bindValue(":username", $_iUsername);
$sth->execute();
$sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username");
$sth->execute(array(':username' => $_iUsername));
$me = "me";
$sth = $this->db->prepare("INSERT INTO friends (friend_one,friend_two,role) VALUES ( :uid, :uid1, :me )");
$sth->bindValue(":uid", $row['_iD']);
$sth->bindValue(":uid1", $row['_iD']);
$sth->bindValue(":me", $me);
$sth->execute();
} else {
return false;
}
}
但是我无法从数据库中取回数据,我目前正在使用以下代码取回用户登录信息:
public function User_Login($_iUsername,$_iPassword) {
$md5_password = crypt($_iPassword);
$sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iPassword = :password AND _iStatus='1'");
$sth->bindValue(":username", $_iUsername);
$sth->bindValue(":password", $md5_password);
$sth->execute();
if ($sth->rowCount() == 1) {
$row = $sth->fetch(PDO::FETCH_ASSOC);
return $row['_iD'];
} else {
return false;
}
}
从MySQL获取哈希密码的正确方法是什么。。任何建议都将不胜感激 为了将来的支持,我返回了加密的哈希值和以下代码。
public function User_Login($_iUsername, $_iPassword) {
$sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iStatus='1'");
$sth->bindValue(":username", $_iUsername);
$sth->execute();
if ($sth->rowCount() == 1) {
$row = $sth->fetch(PDO::FETCH_ASSOC);
return $row['_iD'];
} else {
return false;
}
$sth = $query->fetch();
if (crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
header("location:index.php");
return $sth;
}
return false;
}
是的,完美而简短。。是时候阅读和理解它的工作原理了。我发现唯一棘手的部分是
($row&&…
在$row为空时防止通知。因此它首先检查$row。如果是FALSE,它将不会执行以下语句。其余对我来说非常明显,但可以自由地询问您发现unclearThat是我唯一不懂的部分,但添加else statem不是更好吗ent在返回行后返回false?这将是无用的。不返回表示返回为空-与false相同。
public function User_Login($_iUsername, $_iPassword) {
$sql = "SELECT _iD, _iPassword FROM users WHERE _iUsername = ? AND _iStatus=1";
$sth = $this->db->prepare($sql);
$sth->execute(array($_iUsername));
$row = $sth->fetch();
if ($row && crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
return $row['_iD'];
}
}