使用CRYPT_BLOWFISH后匹配密码

时间:2014-03-13 19:32:28

标签: php encryption hash passwords crypt

我已成功创建了密码,并使用CRYPT_BLOWFISH将它们插入数据库。但是,我不知道如何将数据库中的加密密码与用户输入登录的密码相匹配。非常感谢任何帮助。

要使用以下用户输入生成密码:

REGISTER.PHP 

//If there are no errors or returned_records and the form is submitted let's submit the info and register the user
else if(!$error_msg && !$returned_record && $_POST['register']){
    //Place the newly hased/encrypted password into our new_password variable
    function generateHash($password_1){
    if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
        $salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password_1, $salt);
     }//End If
    }//End Function genrateHash*/                   
    $new_password = generateHash($password_1);  
    $pass = $new_password;

    //Build our query
   $sql = ("INSERT INTO members (username, email, password_1) VALUES (?,?,?)");
    //Prepare our query
    $stmt = $mysqli->prepare($sql) or die("Failed Execution");
    //Bind the fields and there paramters to our query
    $stmt->bind_param('sss', $username, $email, $new_password);
    //Execute the query
    $stmt->execute();
    echo $stmt->error;
    header('Location: http://www.yourschoolsincanada.com/english/register/registration-success/');
    exit();
}

的login.php 

if(isset($_POST['login'])){
$username = $_POST['username'];
$password_1 = $_POST['password_1'];

$sql = "SELECT member_id, username, password_1 FROM members WHERE username = ? AND password_1 = ? LIMIT 1";
//Prepare our query
if($stmt = $mysqli->prepare($sql)){
    //Bind the Parameters to the query
    $stmt->bind_param('ss', $username, $password_1);

    //Execute the query
    $result = $stmt->execute();
    /*Store our result to get properties*/
    $stmt->store_result();          
    //Get the number of rows
    $num_of_rows = $stmt->num_rows;     

    //Bind the results of what the query gave us to our three variables
    $stmt->bind_result($id, $username, $password_1);


    if(crypt($password_1, $pass) == $pass){
        echo "Match";
    }
    else{
        echo "Passwords don't match";
    }   
}

1 个答案:

答案 0 :(得分:1)

工作演示

我已经得到以下工作了。 HTML表单和PHP都在同一页面内运行。

<?php
DEFINE ('DB_USER', 'xxx');
DEFINE ('DB_PASSWORD', 'xxx');  
DEFINE ('DB_HOST', 'xxx');
DEFINE ('DB_NAME', 'xxx');

$mysqli = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) 
OR die("could not connect");

if(isset($_POST['login'])){

    $username = htmlentities(trim($_POST['username']));
    $username = mysqli_real_escape_string($mysqli, $username);
    $password = trim($_POST['password']);
    $query = mysqli_query($mysqli, "SELECT username, password_1 FROM members WHERE username = '$username'");
    $row = mysqli_fetch_assoc($query);
    $numrows = mysqli_num_rows($query);
    $dbuser = $row['username'];
    $dbpass = $row['password_1'];
    $hashed_password = crypt($password, $dbpass);

// var_dump($dbuser); // For testing purposes only, can be removed
echo "<hr>";
// var_dump($dbpass); // For testing purposes only, can be removed

    if( ($username == '') || ($password == '') ) {
        $error_string = '<font color=red>You have left either the username or password field blank!</font>';
echo $error_string;
        }
    if ($numrows == 0)
    {
        $error_string = '<font color=red>No username can be found!</font>';

echo $error_string;

        }
    else if ($numrows == 1)
    {

if ($hashed_password == $dbpass)
       {
       $error_string = '<font color=red>Details checked out</font>';

echo $error_string;

       }
    }
    else {
            $error_string = '<font color=red>There was an error. Please contact an Admin</font>';
echo "SORRY Charlie!";
    }

 } // brace for isset login
?>

<form action="" method="post">
Username: 
<input type="text" name="username">
<br>
Password: 
<input type="text" name="password">
<br>
<input type="submit" name="login" value="Submit">
</form>

原始答案

以下情况应该有效,因为我已经得到了一个&#34; 匹配&#34;在同一个文件中使用以下内容。

阅读代码中的注释。

<?php
$password_1 = "1234567890"; // User-entered password

function generateHash($password_1){
    if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
       $salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
    return crypt($password_1, $salt);
    }
} 


// Remove the echo. For testing purposes only
echo $new_password = generateHash($password_1);

$pass = $new_password;

echo "<br>";
echo $pass;
echo "<hr>";

// Verify that the password matches and use in your login page
// Syntax: if(crypt($password_entered, $password_hash) == $password_hash)

    if(crypt($password_1,$pass) == $pass) {

    // password is correct
    echo "Match.";

    }

else {
echo "No match.";
}

修改

密码生成器: 

<?php
$password_1 = "1234567890"; // User-entered generated password
// or from a form
// $password_1 = $_POST['password']; // User-entered generated password

function generateHash($password_1){
    if(defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH){
       $salt = '$2y$11$'. substr(md5(uniqid(rand(), true)), 0, 22);
    return crypt($password_1, $salt);
    }
} 

// here you can enter the password into DB
// since we have a successful echo
// Remove the echo. For testing purposes only
echo $new_password = generateHash($password_1);

$pass = $new_password;

echo "<br>";
echo $pass;
echo "<hr>";

登录检查: 

$password_1 = $_POST['password']; // User-entered password

// DB codes example:
$query = mysqli_query($con, "SELECT password FROM users WHERE password='".$password_1."'");

// Verify that the password matches and use in your login page
// Syntax: if(crypt($password_entered, $password_hash) == $password_hash)

    if(crypt($password_1,$pass) == $pass) {

    // password is correct
    echo "Match.";

    }

else {
echo "No match.";
}
相关问题
最新问题