bCrypt从数据库中获取密码(PDO,PHP)

时间:2013-05-24 00:33:33

标签: php mysql pdo bcrypt

我目前正在从md5切换到bcrypt,我可以使用以下代码将bcrypt设置到数据库中。

    public function User_Registration($_iPassword, $_iEmail, $_iUsername) {

    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email");
    $sth->execute(array(':username' => $_iUsername, ':email'    => $_iEmail ));

    $row = $sth->fetch(PDO::FETCH_ASSOC);
    $_iD = $row['_iD'];

    if ($sth->rowCount() == 0) {        

        $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);   // create a random salt 
        $hash = crypt($_iPassword, '$2a$12$' . $salt);  // hash incoming password - this works on PHP 5.3 and up

        $sth = $this->db->prepare("INSERT INTO users(_iPassword,_iEmail,_iUsername) VALUES ( :hash_pass, :email, :username)");
        $sth->bindValue(":hash_pass", $hash);
        $sth->bindValue(":email", $_iEmail);
        $sth->bindValue(":username", $_iUsername);
        $sth->execute();

        $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username");
        $sth->execute(array(':username' => $_iUsername));

        $me = "me";
        $sth = $this->db->prepare("INSERT INTO friends (friend_one,friend_two,role) VALUES ( :uid, :uid1, :me )");
        $sth->bindValue(":uid",     $row['_iD']);
        $sth->bindValue(":uid1",    $row['_iD']);
        $sth->bindValue(":me",      $me);
        $sth->execute();
    } else {
        return false;
    }
}

但是我无法从数据库中取回数据,我目前正在使用以下代码来获取用户登录信息:

    public function User_Login($_iUsername,$_iPassword) {
    $md5_password = crypt($_iPassword);

    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iPassword = :password AND _iStatus='1'");
    $sth->bindValue(":username", $_iUsername);
    $sth->bindValue(":password", $md5_password);
    $sth->execute();

    if ($sth->rowCount() == 1) {
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        return $row['_iD'];
    } else {
        return false;
    }
}

从MySQL获取哈希密码的正确方法是什么?任何建议都非常感谢。

2 个答案:

答案 0 :(得分:1)

public function User_Login($_iUsername, $_iPassword) {
    $sql = "SELECT _iD, _iPassword FROM users WHERE _iUsername = ? AND _iStatus=1";
    $sth = $this->db->prepare($sql);
    $sth->execute(array($_iUsername));
    $row = $sth->fetch();
    if ($row && crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
        return $row['_iD'];
    }
}

答案 1 :(得分:-1)

为了将来的支持,我已使用以下代码返回加密的哈希。 

    public function User_Login($_iUsername, $_iPassword) {
    $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iStatus='1'");
    $sth->bindValue(":username", $_iUsername);
    $sth->execute();

    if ($sth->rowCount() == 1) {
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        return $row['_iD'];
    } else {
        return false;
    }

    $sth = $query->fetch();
    if (crypt($_iPassword, $sth['_iPassword']) == $sth['_iPassword']) {
            header("location:index.php");  
        return $sth;
    }
    return false;
}
相关问题
最新问题