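How to log in with PDO in PHP using a sha256-hashed password

Time: 2016-10-05 13:28:24

Tags: php mysql pdo hash login

My registration stores the passwords in the database using hash 'sha256', and I don't know how to write the login function with the hashed password. I tried but could not fix it, or do I need to use the hashed password: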

session_start();

try{
 $bdd = new PDO('mysql:host=localhost; dbname=senio743_payless','senio743_peter', 'P@ssw0rd123');
}
catch (Exception $e) {
 die ('Error: '.$e->getMessage ()); 
}

$data = array ();

if (isset($_POST['submit'])) {
  if (isset($_POST['con_id'])) {
    $conId= htmlspecialchars($_POST['con_id']);
  }

  if (isset($_POST['con_password'])) {
    $pass= htmlspecialchars($_POST['con_password']);
  }

  if ($conId==''||$pass=='') {
    $message="Fill in all the enteries";
    echo "<script>alert('".$message."');</script>";
    exit();
  }

  $query=  "SELECT * FROM `consumer` WHERE `con_id`='".$conId."' AND `con_password`= '".$pass."'";

  $prepare = $bdd->prepare($query);
  $exist = $prepare->execute();

  if ($exist) {
    if ($prepare->rowCount()>0) {
        $data[]=$prepare->fetch();
        foreach ($data as $datas) {
          $con_name=$datas['con_name'];
          $con_amount=$datas['con_amount'];
          //echo $mer_name;
        }
        $_SESSION['ID']= $conId;
        $_SESSION['name']= $con_name;
        $_SESSION['balance']= $con_amount;
       // $message="LOGIN Succesful";
        header("location:../consumer/summary.php");
        exit();
    }
    else {
        $_SESSION['ID']= "";
        $_SESSION['name']= '';
        $_SESSION['balance']= 'Login Please';
        $message="Login not succesful";
        echo "<script>alert('".$message."');</script>";
        header("location:../login.php");
        exit();
    }
 }
}

Please help, thanks.

2 answers:

Answer 0 (score: 1)

Don't use md5().

PHP has password hashing functions.

$options = [ 'cost' => 15 ];
$hashed_password = password_hash('password', PASSWORD_BCRYPT, $options);

if(password_verify($_POST['password'], $hashed_password))
{
    // Password the same
}
else
{
    // Password failed
}

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

With your script you could use something along these lines:

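if (isset($_POST['submit'])) {
  // Read the submitted fields (field names taken from the question's form)
  $conId = isset($_POST['con_id']) ? $_POST['con_id'] : '';
  $pass  = isset($_POST['con_password']) ? $_POST['con_password'] : '';

  if ($conId==''||$pass=='') {
    $message="Fill in all the enteries";
    echo "<script>alert('".$message."');</script>";
    exit();
  }
  // Look the user up by id only; the bound parameter keeps input out of the SQL text
  $query = "SELECT * FROM `consumer` WHERE `con_id`= :con_id";
  $prepare = $bdd->prepare($query);
  $prepare->bindParam(':con_id', $conId);
  $prepare->execute();
  $exists = $prepare->fetch();

  // Hash the submitted password the same way registration did
  $pass = hash('sha256', $pass);
  // hash_equals() compares in constant time and avoids loose == comparison of hex strings
  if ($exists && hash_equals($exists['con_password'], $pass))
  {
      // Passwords Match
  }
  else
  {
      // They Don't
  }
}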
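
An added example, not part of either answer or the asker's code: a login that still accepts the existing unsalted SHA-256 rows, looks the user up with a bound parameter, and upgrades the stored value to `password_hash()` output on the first successful login. It assumes an in-memory SQLite database in place of MySQL, a hypothetical function name `login`, and a constructed sample row; the table and column names come from the question.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL database in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE consumer (con_id TEXT PRIMARY KEY, con_name TEXT, con_password TEXT)');

// Constructed sample row: a legacy account stored as unsalted SHA-256 hex.
$db->prepare('INSERT INTO consumer VALUES (?, ?, ?)')
   ->execute(['c1001', 'Sample User', hash('sha256', 'correct horse')]);

/** Hypothetical helper: returns the consumer row on success, null on any failure. */
function login(PDO $db, string $conId, string $password): ?array
{
    // Look up by id only, with a bound parameter; the password never enters the SQL.
    $stmt = $db->prepare('SELECT con_id, con_name, con_password FROM consumer WHERE con_id = :id');
    $stmt->execute([':id' => $conId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored   = $row['con_password'];
    $isLegacy = (bool) preg_match('/^[0-9a-f]{64}$/', $stored);

    // Legacy rows: constant-time compare of SHA-256 hex. New rows: password_verify().
    $ok = $isLegacy
        ? hash_equals($stored, hash('sha256', $password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // On success, replace a legacy or outdated hash with a salted bcrypt hash.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $db->prepare('UPDATE consumer SET con_password = :h WHERE con_id = :id')
           ->execute([':h' => password_hash($password, PASSWORD_BCRYPT), ':id' => $conId]);
    }
    unset($row['con_password']); // keep the hash out of the caller's session data
    return $row;
}

var_dump(login($db, 'c1001', 'wrong') === null);            // wrong password
var_dump(login($db, 'c1001', 'correct horse')['con_name']); // legacy row, triggers the upgrade
$now = $db->query("SELECT con_password FROM consumer WHERE con_id = 'c1001'")->fetchColumn();
var_dump(password_get_info($now)['algoName']);              // algorithm of the stored hash after login
var_dump(login($db, 'c1001', 'correct horse') !== null);    // same password against the upgraded row
```

The `con_password` column has to be wide enough for the new values: bcrypt output is 60 characters, and the PHP manual recommends 255 to leave room for future algorithms.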

Answer 1 (score: -1)

The hash function is just hash('sha256', $pass);

http://php.net/manual/en/function.hash.php

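Also, when logging someone in, I always query for the user by their username and then compare the password in PHP. It should be faster, since the query is not comparing a 200-character string against thousands of other strings.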