Fatal编程技术网
  • php/
  • Php 比较密码似乎不起作用

Php 比较密码似乎不起作用

php

Php 比较密码似乎不起作用,php,crypt,Php,Crypt,我在使用crypt比较密码时遇到问题,一个密码来自post,另一个密码来自我的数据库 以下是我的登录代码和示例: $username = $_POST['username']; $password = $_POST['password']; $cryptSalt = '$2y$06$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG'; $password = crypt($password, $cryptSalt); if

我在使用crypt比较密码时遇到问题,一个密码来自post,另一个密码来自我的数据库

以下是我的登录代码和示例:

$username   = $_POST['username'];
$password   = $_POST['password'];
$cryptSalt  = '$2y$06$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password   = crypt($password, $cryptSalt);

if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
    $login->bind_param("s", $username);
    if($login->execute()) {
        $login->bind_result($userID,$username,$currentPassword);
        while($login->fetch()) {
            if(crypt($password, $currentPassword) == $currentPassword) {
                echo "<p class='alert'>Password Correct</p>";
            } else {
                echo "<p class='alert'>Password Incorrect</p>";
            };
        };
    } else {
        echo "<p class='alert'>User Not Found</p>";
    };
};
$login->close();
每当我输入正确的密码时,它仍然输出密码不正确,这有什么原因吗

$username       = $_POST['username'];
$firstName      = $_POST['firstName'];
$lastName       = $_POST['lastName'];
$emailAddress   = $_POST['emailAddress'];
$cryptSalt      = '$2y$06$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password       = $_POST['password'];
$password       = crypt($password, $cryptSalt);

if($register = $con->prepare("INSERT INTO users(userName,userFirstName,userLastName,userEmailAddress,userPassword) VALUES(?,?,?,?,?)")) {
    $register->bind_param("sssss", $username,$firstName,$lastName,$emailAddress,$password);
    if($register->execute()) {
        echo "<p class='alert'>Account Created</p>";
    } else {
        echo "<p class='alert'>Execution Error: Account Creation</p>";
    };
};
$register->close();
注意:这是一个内部网站,sql注入不是问题。

第4行和第10行的哈希值似乎太多了,但您要做的是将输入密码的哈希值与de数据库中的哈希值进行比较

$username   = $_POST['username'];
$password   = $_POST['password'];
$cryptSalt  = '$2y$06$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password   = crypt($password, $cryptSalt);

if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
    $login->bind_param("s", $username);
    if($login->execute()) {
        $login->bind_result($userID,$username,$currentPassword);
        while($login->fetch()) {
            if($password == $currentPassword) {
                echo "<p class='alert'>Password Correct</p>";
            } else {
                echo "<p class='alert'>Password Incorrect</p>";
            };
        };
    } else {
        echo "<p class='alert'>User Not Found</p>";
    };
};
$login->close();

看起来第4行和第10行的散列次数太多了,但要做的是将输入密码的散列与de数据库中的散列进行比较

$username   = $_POST['username'];
$password   = $_POST['password'];
$cryptSalt  = '$2y$06$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password   = crypt($password, $cryptSalt);

if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
    $login->bind_param("s", $username);
    if($login->execute()) {
        $login->bind_result($userID,$username,$currentPassword);
        while($login->fetch()) {
            if($password == $currentPassword) {
                echo "<p class='alert'>Password Correct</p>";
            } else {
                echo "<p class='alert'>Password Incorrect</p>";
            };
        };
    } else {
        echo "<p class='alert'>User Not Found</p>";
    };
};
$login->close();