我的注册使用hash' sha256'数据库的密码,我不知道使用哈希密码登录的功能..我试过但不修复或我需要使用哈希密码::
session_start();
try{
$bdd = new PDO('mysql:host=localhost; dbname=senio743_payless','senio743_peter', 'P@ssw0rd123');
}
catch (Exception $e) {
die ('Error: '.$e->getMessage ());
}
$data = array ();
if (isset($_POST['submit'])) {
if (isset($_POST['con_id'])) {
$conId= htmlspecialchars($_POST['con_id']);
}
if (isset($_POST['con_password'])) {
$pass= htmlspecialchars($_POST['con_password']);
}
if ($conId==''||$pass=='') {
$message="Fill in all the enteries";
echo "<script>alert('".$message."');</script>";
exit();
}
$query= "SELECT * FROM `consumer` WHERE `con_id`='".$conId."' AND `con_password`= '".$pass."'";
$prepare = $bdd->prepare($query);
$exist = $prepare->execute();
if ($exist) {
if ($prepare->rowCount()>0) {
$data[]=$prepare->fetch();
foreach ($data as $datas) {
$con_name=$datas['con_name'];
$con_amount=$datas['con_amount'];
//echo $mer_name;
}
$_SESSION['ID']= $conId;
$_SESSION['name']= $con_name;
$_SESSION['balance']= $con_amount;
// $message="LOGIN Succesful";
header("location:../consumer/summary.php");
exit();
}
else {
$_SESSION['ID']= "";
$_SESSION['name']= '';
$_SESSION['balance']= 'Login Please';
$message="Login not succesful";
echo "<script>alert('".$message."');</script>";
header("location:../login.php");
exit();
}
}
请帮忙, 谢谢..
答案 0 :(得分:1)
不要使用md5()。
PHP具有密码散列函数。
$options = [ 'cost' => 15 ];
$hashed_password = password_hash('password', PASSWORD_BCRYPT, $options);
if(password_verify($_POST['password'], $hashed_password))
{
// Password the same
}
else
{
// Password failed
}
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
使用您的脚本可以使用这些行中的某些内容
if (isset($_POST['submit'])) {
if ($conId==''||$pass=='') {
$message="Fill in all the enteries";
echo "<script>alert('".$message."');</script>";
exit();
}
$query = "SELECT * FROM `consumer` WHERE `con_id`= :con_id";
$prepare = $bdd->prepare($query);
$prepare->bindParam(':con_id', $con_id);
$prepare->execute();
$exists = $prepare->fetch();
$pass = hash('sha256', $_POST['pass']);
if($pass == $exists['pass'])
{
// Passwords Match
}
else
{
// They Don't
}
}
答案 1 :(得分:-1)
哈希函数只是hash('sha256', $pass);
http://php.net/manual/en/function.hash.php
此外,当记录某人时,我总是向用户查询他们的用户名,然后比较PHP中的密码。它应该更快,因为查询没有将200个字符的字符串与数千个其他字符串进行比较。