PHP hashing issue

Time: 2015-06-04 20:21:16

Tags: php mysql pdo

I am working on registration/login, but I can't get the hashed password to match.

if(isset($_POST["pass"])) {
  $pass = $_POST["pass"];
  $options = array('cost' => 11);
  $pass = password_hash("$pass", PASSWORD_BCRYPT, $options)."\n";    
} 

$sql2 = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)');
$sql2->execute(array(':email' => $email,':password' => $pass, ':nick' => $nick));

The hashed password has been inserted into the database.

Now, how do I make the password match the one in the database at login?

if(isset($_POST["pass"])) {
  ? ? ? ? ?     
}



$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick AND Password=:password");
$sql->bindParam(':nick', $_POST['lognick']);
$sql->bindParam(':password', $pass);
$sql->execute();

if($row = $sql->fetch()){
    $_SESSION['lognick'] = $row['lognick'];
    $_SESSION['lognick'] = $_POST["lognick"];
    $_SESSION['time'] = time();
    header("Location: Logged.php");
}
else {
    $_SESSION['error'] .= "Pass and Nick don't match.  ";
    header("Location: Login.php");
}

Any idea how to do this?

2 answers:

Answer 0: (score: 4)

What you need to do is find the username in the database and retrieve the hash, then pass it to password_verify

$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick");
// PDO binds and execute here
if($row = $sql->fetch()) {
    if(!password_verify($_POST['password'], $row['Password'])) { // login fail
    }
}

Answer 1: (score: 0)

Look up the password hash, then check the entered password as follows:

if (password_verify($_POST['pass'], $row['Password'])) {
    // Logged in
} else {
    // Wrong password
}
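
The flow both answers describe, as an added example that is not part of the original posts: look the row up by nick only, then let password_verify compare the submitted password with the stored hash. It assumes the pdo_sqlite extension and uses a constructed in-memory table in place of the MySQL one; the register() and login() helpers, the $suffix parameter and the sample accounts are hypothetical.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the page's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Registrace (Email TEXT, Password TEXT, Nick TEXT UNIQUE)');

function register(PDO $db, string $email, string $nick, string $pass, string $suffix = ''): void
{
    // $suffix exists only to reproduce the question's trailing "\n"; real code stores the hash unchanged.
    $hash = password_hash($pass, PASSWORD_BCRYPT, ['cost' => 11]) . $suffix;
    $stmt = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)');
    $stmt->execute([':email' => $email, ':password' => $hash, ':nick' => $nick]);
}

function login(PDO $db, string $nick, string $pass): bool
{
    // Select by nick only: bcrypt salts every hash, so a freshly computed hash never equals the stored one.
    $stmt = $db->prepare('SELECT Nick, Password FROM Registrace WHERE Nick = :nick');
    $stmt->execute([':nick' => $nick]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['Password'])) {
        return false; // same result for an unknown nick and a wrong password
    }
    // Upgrade the stored hash when the cost or algorithm setting has changed since registration.
    if (password_needs_rehash($row['Password'], PASSWORD_BCRYPT, ['cost' => 11])) {
        $upd = $db->prepare('UPDATE Registrace SET Password = :password WHERE Nick = :nick');
        $upd->execute([':password' => password_hash($pass, PASSWORD_BCRYPT, ['cost' => 11]), ':nick' => $nick]);
    }
    return true;
}

// Constructed sample accounts.
register($db, 'a@example.test', 'alice', 'correct horse');
register($db, 'b@example.test', 'bob', 'hunter2', "\n"); // hash stored the way the question's code stores it

var_dump(login($db, 'alice', 'correct horse')); // correct password
var_dump(login($db, 'alice', 'wrong'));         // wrong password
var_dump(login($db, 'nobody', 'x'));            // unknown nick
var_dump(login($db, 'bob', 'hunter2'));         // correct password, hash has a trailing "\n"
```

The last call fails even with the right password: the question's registration code appends "\n" to the hash, so the stored value is 61 characters and password_verify rejects it against the 60-character bcrypt string it recomputes.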