Php 当密码加密为BCRYPT时,使用android验证登录
因此,我有了我的表用户(带有加密密码),我可以在symfony中使用它 security.ymlPhp 当密码加密为BCRYPT时,使用android验证登录,php,android,web-services,symfony,bcrypt,Php,Android,Web Services,Symfony,Bcrypt,因此,我有了我的表用户(带有加密密码),我可以在symfony中使用它 security.yml security: encoders: FOS\UserBundle\Model\UserInterface: bcrypt 并试图在some DB中连接我的android应用程序,但这不可能,因为密码被加密了,我甚至尝试在php/lib/password.php下添加新的库以使用“password\u hash($password,password\u DEFAULT)” 我希望大家一起
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
并试图在some DB中连接我的android应用程序,但这不可能,因为密码被加密了,我甚至尝试在php/lib/password.php下添加新的库以使用“password\u hash($password,password\u DEFAULT)”
我希望大家一起找到解决办法,我真的很难过
这是我在htdocs下的“login.php”,用于将我的android应用程序连接到DB
<?php
define('HOST','localhost');
define('USER','root');
define('PASS','');
define('DB','swib');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = password_hash($password, PASSWORD_DEFAULT);
$sql = "select * from swib_user where username='$username' and password='$password2'";
$res = mysqli_query($con,$sql);
$check = mysqli_fetch_array($res);
if (isset($check)) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);
?>
ps:这对另一个DB没问题(我是说使用普通密码,不加密)
你应该检查手册,由于盐的变化,每次新的哈希都会不同。您需要密码\u验证。谢谢@jeroen我尝试了您的解决方案,但仍然不起作用。
<?php
// if this is under web folder
// adjust it according where this script is located
require_once '../vendor/autoload.php';
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
$encoder = new BCryptPasswordEncoder(16); // initialize with some int between 4 and 31
define('HOST', 'localhost');
define('USER', 'root');
define('PASS', '');
define('DB', 'database');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = mysqli_real_escape_string($con, $_POST['username']); // don't forget about security
$password = $_POST['password'];
$sql = "select password, salt from swib_user where username='$username'"; // if you do not have salt in your table, remove it from select and leave only password
$res = mysqli_query($con, $sql);
$check = mysqli_fetch_array($res);
// if you do not have salt in your table, you should use returning value of $user->getSalt() method for this user. or null if you don't use salt
if (isset($check) && $encoder->isPasswordValid($check['password'], $password, $check['salt'])) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);