使用存储在Mysql中的哈希密码以及php中的密码_verify()验证登录
我有一个网站,我正在用使用存储在Mysql中的哈希密码以及php中的密码_verify()验证登录,php,mysql,hash,basic-authentication,Php,Mysql,Hash,Basic Authentication,我有一个网站,我正在用password\u hash()和password\u verify()编程注册/登录系统。我已成功地将带有哈希密码的注册详细信息插入数据库。我的问题是如何使用此哈希密码对用户进行身份验证 以下是身份验证代码: <?php session_start(); $host="localhost"; $username="yyy"; $password="yyyy"; $db_name="yyyy"; $tbl_name="users"; $link = new mysq
password\u hash()
和password\u verify()编程注册/登录系统。我已成功地将带有哈希密码的注册详细信息插入数据库。我的问题是如何使用此哈希密码对用户进行身份验证
以下是身份验证代码:
<?php
session_start();
$host="localhost";
$username="yyy";
$password="yyyy";
$db_name="yyyy";
$tbl_name="users";
$link = new mysqli("$host", "$username", "$password", "$db_name");
if (mysqli_connect_error()) {
die('Connect Error (' . mysqli_connect_errno() . ') '
. mysqli_connect_error());
}
$username = mysqli_real_escape_string($link, $_POST['username']);
$pwd = mysqli_real_escape_string($link, ($_POST['password']));
$query = mysqli_query($link, "SELECT * from $tbl_name WHERE username='$username'"); //Query the users table if there are matching rows equal to $username
$exists = mysqli_num_rows($query); //Checks if username exists
$table_users = "";
$table_password = "";
$password = 0 ;
if($exists > 0) //IF there are no returning rows or no existing username
{
while($row = mysqli_fetch_assoc($query)) //display all rows from query
{
$table_users = $row['username']; // the first username row is passed on to $table_users, and so on until the query is finished
$table_password = $row['password']; // the first password row is passed on to $table_users, and so on until the query is finished
$password = (password_verify($pwd, $table_password));
}
if(($username == $table_users) && ($password))
{
if($password) {
$_SESSION['user'] = $username; //set the username in a session. This serves as a global variable
header("location: session.php"); // redirects the user to the authenticated home page
}
}
else
{
Print '<script>alert("Incorrect Password!");</script>';
Print '<script>window.location.assign("login.php");</script>';
}
}
else
{
Print '<script>alert("Incorrect Username!");</script>';
Print '<script>window.location.assign("login.php");</script>';
}
?>
password\u verify()
似乎总是向$password
变量返回false或0”。
非常感谢您的帮助。您为什么要做$pwd=mysqli\u real\u escape\u string($link,($\u POST['password']);
?即使没有它,同样的事情也会发生,但我不认为这样做会有多大的不同。我不确定为什么要通过在注册页面中删除mysqli\u real\u escape\u string()来实现它。谢谢