PHP: How to implement password_hash


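OK, so my code is a bit tricky. I'm using password_hash and it works fine on my Register.php page, but when I try to implement it in my code it fails. So here is the new code, if anyone could try it or point me in the right direction on how to do this. I should have done this while coding, but I have never done it before. The code is below. I want to implement password_hash and password_verify.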

if (!($user -> LoggedIn()))
{
if (isset($_POST['logINBoss']))
{
    $username = htmlspecialchars($_POST['username']);
    $password = htmlspecialchars($_POST['password']);
    $errors = array();
    if (!ctype_alnum($username) || strlen($username) < 3 || strlen($username) > 15)
    {
        //$errors[] = 'Username Must Be  Alphanumberic And 4-15 characters in length';
    }

    if (empty($username) || empty($password))
    {
        $errors[] = '<center><div class="sufee-alert alert with-close alert-danger alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Fill in all fields.</div></center>">';
    }
        $SQL = $odb->prepare("SELECT `status` FROM `users` WHERE `username` = :username");
        $SQL->execute(array(':username' => $username));
        $status = $SQL->fetchColumn(0);
        if($status == 1)
        {
        $SQL = $odb->prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
        $SQL->execute(array(':username' => $username));
        $ban = $SQL->fetchColumn(0);
        header('location: banned.php');
        }
    if (empty($errors))
    {
        $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
        $SQLCheckLogin -> execute(array(':username' => $username, ':password' => password_hash($password, PASSWORD_DEFAULT)));
        $countLogin = $SQLCheckLogin -> fetchColumn(0);
        if ($countLogin == 1)
        {
            $SQLGetInfo = $odb -> prepare("SELECT `username`, `ID`, `status` FROM `users` WHERE `username` = :username AND `password` = :password");
            $SQLGetInfo -> execute(array(':username' => $username, ':password' => password_hash($password, PASSWORD_DEFAULT)));
            $userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
        if ($countLogin == 1)
        {
                $logAddr = $odb->prepare("INSERT INTO `login_history` (`username`,`ip`,`date`,`http_agent`) VALUES (:user, :ip, UNIX_TIMESTAMP(NOW()), :agent);");
                $logAddr->execute(array( ":user" => $username, ":ip" => $_SERVER['REMOTE_ADDR'], ":agent" => $_SERVER['HTTP_USER_AGENT']));
                htmlspecialchars($_SESSION['username'] = $userInfo['username']);
                htmlspecialchars($_SESSION['ID'] = $userInfo['ID']);
        echo '<center><div class="sufee-alert alert with-close alert-success alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Successful!</div></center><meta http-equiv="refresh" content="1;url=index.php">';
            }
            else
            {
        echo '<center><div class="sufee-alert alert with-close alert-danger alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>You are Banned!</div></center>';
            }
        }
        else
        {
        echo '<center><div class="sufee-alert alert with-close alert-warning alert-dismissible fade show" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><i class="mdi mdi-check-all"></i>Login Failed!</div></center>';
        }
    }
    else
    {
        echo '<div class="alert alert-danger"><p><strong>ERROR:</strong><br />';
        foreach($errors as $error)
        {
            echo '-'.htmlspecialchars_decode($error).'<br />';
        }
        echo '</div>';
    }
    }

}

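When fetching the user from the database, search by username, not by username and password. Once you have retrieved the hash from the database, do not use password_hash, because it will give you a different hash! Better to use password_verify: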


This way you can verify the password. This is why password_verify exists: password_hash adds a salt to better protect the password, so it gives a different hash even for the same plaintext.
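The lookup-then-verify flow described in this answer, as an added example that is not part of the original answer or the asker's code. `verifyLogin()` is a hypothetical helper, and an in-memory SQLite table (requires the `pdo_sqlite` extension) with constructed sample data stands in for the page's MySQL `users` table.

```php
<?php
// Added example. verifyLogin() is a hypothetical helper; the table and column
// names follow the question's `users` table.
declare(strict_types=1);

function verifyLogin(PDO $odb, string $username, string $password): ?array
{
    // Look the user up by username only. The hash cannot be matched in SQL,
    // because password_hash() generates a fresh salt on every call.
    $stmt = $odb->prepare('SELECT `ID`, `username`, `password`, `status` FROM `users` WHERE `username` = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the algorithm, cost and salt from the stored hash.
    // Pass the raw input: htmlspecialchars() is for HTML output and would change
    // passwords containing & < > " before they are hashed or verified.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    // Upgrade the stored hash if PASSWORD_DEFAULT has changed since it was created.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $odb->prepare('UPDATE `users` SET `password` = :hash WHERE `ID` = :id');
        $upd->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['ID']]);
    }
    unset($row['password']); // do not carry the hash into the session
    return $row;
}

// Constructed sample data: one user stored the way a registration page would store it.
$odb = new PDO('sqlite::memory:');
$odb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$odb->exec('CREATE TABLE `users` (`ID` INTEGER PRIMARY KEY, `username` TEXT UNIQUE, `password` TEXT, `status` INTEGER)');
$ins = $odb->prepare('INSERT INTO `users` (`username`, `password`, `status`) VALUES (:u, :p, 0)');
$ins->execute([':u' => 'alice', ':p' => password_hash('S3cret&pass', PASSWORD_DEFAULT)]);

// Two hashes of the same plaintext differ, so comparing a new hash in SQL never matches.
var_dump(password_hash('S3cret&pass', PASSWORD_DEFAULT) === password_hash('S3cret&pass', PASSWORD_DEFAULT));
// Correct password, wrong password, unknown user.
var_dump(verifyLogin($odb, 'alice', 'S3cret&pass') !== null);
var_dump(verifyLogin($odb, 'alice', 'wrong') === null);
var_dump(verifyLogin($odb, 'nobody', 'S3cret&pass') === null);
```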

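I'm confused, I'm completely new to this. I've been looking non-stop but I'm getting nowhere.

Please try to narrow the code down to the specific implementation problem. There is not much point in re-explaining what has already been discussed in previous questions.

I tried at the top $hashed_password = password_hash($_POST[password], PASSWORD_DEFAULT); if (password_verify($_POST[password], $hashd_password) but it still doesn't work :/

If you understand the basic usage, you are not conveying that very well. Look at the linked question again. Otherwise, show your last attempt, reduce the code (the ban and login history are both irrelevant), and show the input, the database contents and sample variable dumps.

Remove all of that AND password = :password. Select the hashed password from the database, let's call it $row['password'], and compare it with the plain-text input password; password_verify does the crypto for you. password_verify($_POST['password'], $row['password'])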