Php 需要salt、hash登录验证建议吗_Php_Database_Hash_Passwords_Salt

Php 需要salt、hash登录验证建议吗

php database hash passwords

Php 需要salt、hash登录验证建议吗,php,database,hash,passwords,salt,Php,Database,Hash,Passwords,Salt,我的注册页面如下所示： <?php include 'connect.php'; $username = mysqli_real_escape_string($conn, $_POST['username']); $password = $_POST['password']; $email = mysqli_real_escape_string($conn, $_POST['email']); $usercheck = mysqli_query

我的注册页面如下所示：

<?php

    include 'connect.php'; 

    $username = mysqli_real_escape_string($conn, $_POST['username']);
    $password = $_POST['password'];
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $usercheck = mysqli_query($conn,"SELECT username FROM users WHERE username =    '".$username."'");
    $emailcheck = mysqli_query($conn,"SELECT email FROM users WHERE email = '".$email."'");

    $cost = 10;
    $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
    $salt = sprintf("$2a$%02d$", $cost) . $salt;
    $hash = crypt($password, $salt);

    if (mysqli_num_rows($usercheck) > 0) 
    {
        echo "username already exist";
    }
    elseif (mysqli_num_rows($emailcheck) > 0) 
    {
        echo"email already exist";
    }
    else
    {
        $sql="INSERT INTO `database`.`users` (`username`, `password`,  `email`) VALUES ('$username', '$hash', '$email')";
        echo "account created";
        if (!mysqli_query($conn, $sql))
        {
            die('error ' . mysqli_error($conn));
        }
    }

    mysqli_close($conn);

?>

里卡多

我在其中一个中看到了mysqli_uuuu代码，然后在另一个中看到了PDO。你不是为了那个PDO才和mysqli联系的，是吗？如果是这样的话，你不能把它们混在一起。@Fred ii可能重复-我正在使用mysqli连接数据库$conn=new mysqli（$host、$user、$adminpassword、$db）；因此，我应该将登录名更改为mysqli命令？您不能使用mysqli连接，然后使用该变量来查询。从连接到查询，您必须使用相同的MySQL API。您使用了错误的数据库字段

$user->users

，而不是

$user->password

。使用

if（password\u verify（$password，$user->password））

和

$hash=password\u hash（$password）

进行注册更容易、更好。

<?php

    include 'connect.php';

    $username       = $_POST['username']; 
    $password       = $_POST['password']; 

    $sth = $conn->prepare('SELECT * FROM users WHERE username = :username LIMIT 1');

    $sth->bindParam(':username', $username);

    $sth->execute();

    $user = $sth->fetch(PDO::FETCH_OBJ);

    // Hashing the password with its hash as the salt returns the same hash
    if ( crypt($password, $user->users) == $user->users ) {

        echo "login?";
    }
        else 
    {
        echo "error?";
    }

?>

<?php
            include 'connect.php';
    // Define $username and $password
    $username=$_post['username'];
    $password=$_post['password'];


    //Check username and password from database
    $sql="SELECT username FROM users WHERE username='$username' and password='$password'LIMIT 1";
    $result=mysqli_query($db,$sql);


    //If username and password exist in our database then create a session.
    //Otherwise echo error.

    if(mysqli_num_rows($result) == 1)
    {
    $_SESSION['username'] = $login_user; // Initializing Session
    header("location: register.php"); // Redirecting To Other Page
    }else
    {
    echo"testwrong";
    }

            ?>