php登录mysql加密密码

时间:2015-09-07 21:50:07

标签: php mysql

我试图将php登录表单设置为我不想修改的现有数据库,似乎我已经建立了与DB和正确表格的所有正确连接,但是密码是加密的,当我尝试登录时说"密码错误。再试一次

这是我的代码

/**
 * log in with post data
 */
private function dologinWithPostData()
{
    // check login form contents
    if (empty($_POST['user_name'])) {
        $this->errors[] = "Username field was empty.";
    } elseif (empty($_POST['user_password'])) {
        $this->errors[] = "Password field was empty.";
    } elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {

        // create a database connection, using the constants from config/db.php (which we loaded in index.php)
        $this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

        // change character set to utf8 and check it
        if (!$this->db_connection->set_charset("utf8")) {
            $this->errors[] = $this->db_connection->error;
        }

        // if no connection errors (= working database connection)
        if (!$this->db_connection->connect_errno) {

            // escape the POST stuff
            $user_name = $this->db_connection->real_escape_string($_POST['user_name']);

            // database query, getting all the info of the selected user (allows login via email address in the
            // username field)
            $sql = "SELECT nickname, user_email, user_password
                    FROM tbl_users
                    WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "';";
            $result_of_login_check = $this->db_connection->query($sql);

            // if this user exists
            if ($result_of_login_check->num_rows == 1) {

                // get result row (as an object)
                $result_row = $result_of_login_check->fetch_object();

                // using PHP 5.5's password_verify() function to check if the provided password fits
                // the hash of that user's password
                if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {

                    // write user data into PHP SESSION (a file on your server)
                    $_SESSION['nickname'] = $result_row->user_name;
                    $_SESSION['user_email'] = $result_row->user_email;
                    $_SESSION['user_login_status'] = 1;

                } else {
                    $this->errors[] = "Wrong password. Try again.";
                }
            } else {
                $this->errors[] = "This user does not exist.";
            }
        } else {
            $this->errors[] = "Database connection problem.";
        }
    }
}

如何登录数据库,因为存储在数据库中的密码是加密的?

1 个答案:

答案 0 :(得分:1)

密码可能首先被散列,您必须确定在数据库中存储密码时使用的some people。那么你可以像下面这样做我假设密码是使用广泛使用但可利用的md5进行哈希,但如果密码也是hashing function,我担心你也必须学习盐词,否则基于使用的哈希算法几乎不可能。使用这种方式访问​​数据库也非常容易,我建议您查看salted

$sql = "SELECT nickname, user_email, user_password
                FROM tbl_users
                WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "'AND user_password = ''" . md5($user_password)."'";
相关问题
最新问题