这里是寄存器代码,我将哈希密码放在带有salt的数据库上。
<?php
include '../database/connectDB.php';
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM tbl_users WHERE fld_username = '". $username ."'");
if (mysql_num_rows($query) > 0)
{
echo "<script>alert('Username already used!');</script>"; }
else
{
mysql_query("INSERT INTO `tbl_users`(fld_username,fld_password)
VALUES ('$username','$pwhash')");
}
}
?>
这是我验证密码的登录代码
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
if (isset($_POST['submit']))
{
$username= $_POST['user'] ;
$password= $_POST['pass'] ;
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if (password_verify($password, $row['fld_password'])) {
echo "Match";
}
else
{
echo "not match";
}
}
}
?>
首先我注册了username = 1和password = 1并尝试登录并且它是一个匹配,但是当我尝试注册有效的用户和密码时,它没有匹配。有人可以帮我解决这个问题吗?
先谢谢你,我只是一个php初学者,请不要太难:)
答案 0 :(得分:0)
中有1个空格
$2y$11$H83GgNapOdRZvmVKYtW5.OwL3P4ju/fBHz/KlMIYCr.1M1hhzJbcO <-here
所以如果你把它限制在60,那么中提琴。现在空间消失了
答案 1 :(得分:0)
结尾的新行就是您的问题:
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."\n";
______
只需将其从行中删除即可将60个字符的字符串保存到数据库中。你应该删除的另一件事是盐的生成,然后函数本身将为你生成一个安全的盐。
$options = ['cost' => 11];