Php 需要salt、hash登录验证建议吗
我的注册页面如下所示:Php 需要salt、hash登录验证建议吗,php,database,hash,passwords,salt,Php,Database,Hash,Passwords,Salt,我的注册页面如下所示: <?php include 'connect.php'; $username = mysqli_real_escape_string($conn, $_POST['username']); $password = $_POST['password']; $email = mysqli_real_escape_string($conn, $_POST['email']); $usercheck = mysqli_query
<?php
include 'connect.php';
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = $_POST['password'];
$email = mysqli_real_escape_string($conn, $_POST['email']);
$usercheck = mysqli_query($conn,"SELECT username FROM users WHERE username = '".$username."'");
$emailcheck = mysqli_query($conn,"SELECT email FROM users WHERE email = '".$email."'");
$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("$2a$%02d$", $cost) . $salt;
$hash = crypt($password, $salt);
if (mysqli_num_rows($usercheck) > 0)
{
echo "username already exist";
}
elseif (mysqli_num_rows($emailcheck) > 0)
{
echo"email already exist";
}
else
{
$sql="INSERT INTO `database`.`users` (`username`, `password`, `email`) VALUES ('$username', '$hash', '$email')";
echo "account created";
if (!mysqli_query($conn, $sql))
{
die('error ' . mysqli_error($conn));
}
}
mysqli_close($conn);
?>
里卡多我在其中一个中看到了mysqli_uuuu代码,然后在另一个中看到了PDO。你不是为了那个PDO才和mysqli联系的,是吗?如果是这样的话,你不能把它们混在一起。@Fred ii可能重复-我正在使用mysqli连接数据库$conn=new mysqli($host、$user、$adminpassword、$db);因此,我应该将登录名更改为mysqli命令?您不能使用mysqli连接,然后使用该变量来查询。从连接到查询,您必须使用相同的MySQL API。您使用了错误的数据库字段
$user->users
,而不是$user->password
。使用if(password\u verify($password,$user->password))
和$hash=password\u hash($password)
进行注册更容易、更好。
<?php
include 'connect.php';
$username = $_POST['username'];
$password = $_POST['password'];
$sth = $conn->prepare('SELECT * FROM users WHERE username = :username LIMIT 1');
$sth->bindParam(':username', $username);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash
if ( crypt($password, $user->users) == $user->users ) {
echo "login?";
}
else
{
echo "error?";
}
?>
<?php
include 'connect.php';
// Define $username and $password
$username=$_post['username'];
$password=$_post['password'];
//Check username and password from database
$sql="SELECT username FROM users WHERE username='$username' and password='$password'LIMIT 1";
$result=mysqli_query($db,$sql);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: register.php"); // Redirecting To Other Page
}else
{
echo"testwrong";
}
?>