Fatal编程技术网
  • php/
  • Php 当密码加密为BCRYPT时,使用android验证登录

Php 当密码加密为BCRYPT时,使用android验证登录

php android web-services symfony

Php 当密码加密为BCRYPT时,使用android验证登录,php,android,web-services,symfony,bcrypt,Php,Android,Web Services,Symfony,Bcrypt,因此,我有了我的表用户(带有加密密码),我可以在symfony中使用它 security.yml security: encoders: FOS\UserBundle\Model\UserInterface: bcrypt 并试图在some DB中连接我的android应用程序,但这不可能,因为密码被加密了,我甚至尝试在php/lib/password.php下添加新的库以使用“password\u hash($password,password\u DEFAULT)” 我希望大家一起

因此,我有了我的表用户(带有加密密码),我可以在symfony中使用它

security.yml

security:
encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt
并试图在some DB中连接我的android应用程序,但这不可能,因为密码被加密了,我甚至尝试在php/lib/password.php下添加新的库以使用“password\u hash($password,password\u DEFAULT)”

我希望大家一起找到解决办法,我真的很难过

这是我在htdocs下的“login.php”,用于将我的android应用程序连接到DB

<?php

    define('HOST','localhost');
    define('USER','root');
    define('PASS','');
    define('DB','swib');

    $con = mysqli_connect(HOST,USER,PASS,DB);

    $username = $_POST['username'];
    $password = $_POST['password'];

    $password2 = password_hash($password, PASSWORD_DEFAULT);

    $sql = "select * from swib_user where username='$username' and password='$password2'";

    $res = mysqli_query($con,$sql);



    $check = mysqli_fetch_array($res);

    if (isset($check)) {
      echo 'success';
    } else {
      echo 'failure';
    }

    mysqli_close($con);

?>
ps:这对另一个DB没问题(我是说使用普通密码,不加密)

你应该检查手册,由于盐的变化,每次新的哈希都会不同。您需要
密码\u验证
。谢谢@jeroen我尝试了您的解决方案,但仍然不起作用。

<?php

// if this is under web folder
// adjust it according where this script is located
require_once '../vendor/autoload.php';

use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;

$encoder = new BCryptPasswordEncoder(16); // initialize with some int between 4 and 31

define('HOST', 'localhost');
define('USER', 'root');
define('PASS', '');
define('DB', 'database');

$con = mysqli_connect(HOST,USER,PASS,DB);

$username = mysqli_real_escape_string($con, $_POST['username']); // don't forget about security
$password = $_POST['password'];

$sql = "select password, salt from swib_user where username='$username'"; // if you do not have salt in your table, remove it from select and leave only password

$res = mysqli_query($con, $sql);
$check = mysqli_fetch_array($res);

// if you do not have salt in your table, you should use returning value of $user->getSalt() method for this user. or null if you don't use salt
if (isset($check) && $encoder->isPasswordValid($check['password'], $password, $check['salt'])) {
    echo 'success';
} else {
    echo 'failure';
}

mysqli_close($con);