所以我有我的桌面用户(使用加密密码),并且正在使用它与symfony
security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
并尝试在某些数据库中连接我的Android应用程序,但这不可能导致密码被加密,我甚至尝试在php / lib / password.php下添加新的Libary来使用“password_hash($ password,PASSWORD_DEFAULT) “
我希望能找到一个解决方案的人,我对此非常不满。
这是htdocs下的“login.php”将我的Android应用程序连接到数据库
<?php
define('HOST','localhost');
define('USER','root');
define('PASS','');
define('DB','swib');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = password_hash($password, PASSWORD_DEFAULT);
$sql = "select * from swib_user where username='$username' and password='$password2'";
$res = mysqli_query($con,$sql);
$check = mysqli_fetch_array($res);
if (isset($check)) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);
?>
ps:用其他数据库工作没问题(我的意思是用普通密码,不加密)
答案 0 :(得分:0)
<?php
// if this is under web folder
// adjust it according where this script is located
require_once '../vendor/autoload.php';
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
$encoder = new BCryptPasswordEncoder(16); // initialize with some int between 4 and 31
define('HOST', 'localhost');
define('USER', 'root');
define('PASS', '');
define('DB', 'database');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = mysqli_real_escape_string($con, $_POST['username']); // don't forget about security
$password = $_POST['password'];
$sql = "select password, salt from swib_user where username='$username'"; // if you do not have salt in your table, remove it from select and leave only password
$res = mysqli_query($con, $sql);
$check = mysqli_fetch_array($res);
// if you do not have salt in your table, you should use returning value of $user->getSalt() method for this user. or null if you don't use salt
if (isset($check) && $encoder->isPasswordValid($check['password'], $password, $check['salt'])) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);