在PHP中使用密码验证
我正在为iOS应用程序开发登录系统 这是我用来向应用程序发送JSON响应的PHP脚本的一部分:在PHP中使用密码验证,php,Php,我正在为iOS应用程序开发登录系统 这是我用来向应用程序发送JSON响应的PHP脚本的一部分: if(isset($_POST['correo']) && isset($_POST['pass']) && $_POST['key'] == "123456") { $password = $_POST['pass']; $q = mysqli_query($mysqli,"SELECT * FROM users WHERE email =
if(isset($_POST['correo']) && isset($_POST['pass']) && $_POST['key'] == "123456")
{
$password = $_POST['pass'];
$q = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '".$_POST['correo']."' AND
encrypted_password = '".$_POST['pass']."'") or die (mysqli_error());
if(mysqli_num_rows($q) >= 1){
$r = mysqli_fetch_array($q);
// this is the hash of the password in above example
$hash = $r['encrypted_password'];
if (password_verify($password, $hash)) {
$results = Array("error" => "1","mensaje" => "su ID es ".$r['id'],"nombre" => $r['nombre'],"apellidos" => $r['apellidos'],"email" => $r['email'],
"imagen" => $r['imagen'],"unidad" => $r['unidad']);
} else {
$results = Array("error" => "2","mensaje" => " acceso denegado ");
}
}else{
$results = Array("error" => "3","mensaje" => "no existe");
}
}
echo json_encode($results);
谢谢您不需要在
WHERE密码$q = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '".$_POST['correo']."'") or die (mysqli_error());
if(mysqli_num_rows($q) >= 1){
$r = mysqli_fetch_array($q);
// this is the hash of the password in above example
$hash = $r['encrypted_password'];
//you need to match the password from form post against password from DB using password_hash
if (password_verify($password, $hash)) {
要防止SQL注入,请使用参数化查询ref:您的mysqli\u查询将始终返回空结果,因为您将未加密的值传递给查询,并试图使其等于加密的
加密的\u密码='”。$\u POST['pass']加密的hahsedWHERE email=''.$\u POST['correo'].'''.'