PHP password hashing and matching problem

Time: 2016-07-14 15:36:38

Tags: php

Basically I need to add to this code in login.php to match the hash created in register.php:

login.php

if (isset($_POST['Login'])) {
    $username = $_POST['email'];
    $store_password = $_POST['pword'];
    check($username, $store_password);
}

// Checks that exactly one account exists for the submitted email
function check($username, $pword){
    $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
    $check = "SELECT * FROM Users WHERE email='$username'";
    $check_q = mysqli_query($conn, $check) or die("<div class='loginmsg'>Error on checking Username</div>");
    if (mysqli_num_rows($check_q) == 1) {
        login($username, $pword);
    }
    else{
        echo "<div id='loginmsg'>Wrong Email or Password</div>";
    }
}


function login($username, $pword){
    $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
    // Compares the submitted plaintext directly with the stored pword column
    $login = "SELECT * FROM Users WHERE email='$username'  and pword='$pword'";
    $login_q = mysqli_query($conn, $login) or die('Error on checking Username and Password');
    if (mysqli_num_rows($login_q) == 1){
        header('Location: account.php');
        echo"<div id='loginmsg'> Logged in as $username </div>";
        $_SESSION['username'] = $username;
    }
    else {
        echo "<div id='loginmsg'>Wrong Password </div>";
    }
}

to match the password hash in register.php

register.php:

$uname = $_POST['uname'];
$email = $_POST['email'];
$pword = $_POST['pword'];
// Hash the submitted password ($pword), not the literal string 'pword'
$store_password = password_hash($pword, PASSWORD_BCRYPT, array('cost' => 10));

Any help would be appreciated.

2 answers:

Answer 0: (score: 2)

You have to use the function password_verify, like this:

if (password_verify($given_password, $stored_password)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

So you have to retrieve the result from the db for the given username and compare the password.

In practice:

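    function login($username, $pword){
        $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
        // Fetch the stored hash for this email; the email is bound as a parameter
        $stmt = mysqli_prepare($conn, "SELECT email, pword FROM Users WHERE email = ?") or die('Error on checking Username and Password');
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt) or die('Error on checking Username and Password');
        $login_q = mysqli_stmt_get_result($stmt);
        if (mysqli_num_rows($login_q) == 1){
            $row = mysqli_fetch_assoc($login_q);
            // password_verify() re-hashes $pword with the salt and cost embedded in the stored hash
            if (password_verify($pword, $row['pword'])){
                header('Location: account.php');
                echo "<div id='loginmsg'> Logged in as " . htmlspecialchars($username) . " </div>";
                $_SESSION['username'] = $username;
            }
            else {
                echo "<div id='loginmsg'>Wrong Password </div>";
            }
        }
        else {
            echo "<div id='loginmsg'>Unknown Username </div>";
        }
    }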
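
The register/login flow this answer describes, as a self-contained added example that is not part of the original posts. It assumes PDO with an in-memory SQLite table in place of the MySQL Registrar database; register_user, verify_login and BCRYPT_OPTS are hypothetical names, and the account is constructed sample data.

```php
<?php
// Added example. Assumption: in-memory SQLite (pdo_sqlite) stands in for the
// page's MySQL "Registrar" database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (email TEXT PRIMARY KEY, pword TEXT NOT NULL)');

const BCRYPT_OPTS = ['cost' => 10];   // same cost as register.php

function register_user(PDO $db, string $email, string $pword): void
{
    // Store only the bcrypt hash of the value the user submitted.
    $hash = password_hash($pword, PASSWORD_BCRYPT, BCRYPT_OPTS);
    $db->prepare('INSERT INTO Users (email, pword) VALUES (?, ?)')
       ->execute([$email, $hash]);
}

function verify_login(PDO $db, string $email, string $pword): bool
{
    // Bound parameter: the email is never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT pword FROM Users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    // The plaintext cannot go in a WHERE clause: bcrypt salts every hash,
    // so the comparison has to happen in PHP via password_verify().
    if ($hash === false || !password_verify($pword, $hash)) {
        return false;   // one answer for unknown email and wrong password
    }
    // Re-hash transparently if the stored hash uses outdated parameters.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, BCRYPT_OPTS)) {
        $db->prepare('UPDATE Users SET pword = ? WHERE email = ?')
           ->execute([password_hash($pword, PASSWORD_BCRYPT, BCRYPT_OPTS), $email]);
    }
    return true;
}

// Constructed sample account and login attempts.
register_user($db, "o'brien@example.test", 'correct horse battery');
foreach (['correct horse battery', 'pword', ''] as $attempt) {
    $ok = verify_login($db, "o'brien@example.test", $attempt);
    printf("%-24s => %s\n", var_export($attempt, true), $ok ? 'accepted' : 'rejected');
}
printf("unknown email            => %s\n",
    verify_login($db, 'nobody@example.test', 'x') ? 'accepted' : 'rejected');
```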

Answer 1: (score: 1)

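You should separate out the tasks; you probably want to have 2-4 or so functions (or methods by way of a class). Here is a very simple workflow example. I am going to use PDO since I know it better: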
