使用散列“sha512”和盐渍密码登录? PHP

时间:2017-01-24 22:45:03

标签: php hash salt sha512

我对盐渍和哈希密码完全不熟悉,很抱歉,如果我有点像菜鸟。 但是我试图对我的密码进行加盐和哈希,并且这一切正常,直到我必须登录

if (isset($_POST['btn-login'])) {

 $uname = strip_tags($_POST['uname']);
 $password = strip_tags($_POST['psw']);

 $uname = $DBcon->real_escape_string($uname);
 $password = $DBcon->real_escape_string($password);
 $salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
 $hashed = hash('sha512', $salt.$password);
 $query = $DBcon->query("SELECT user_id, uname, psw FROM Users WHERE uname='$uname'");
 $row=$query->fetch_array();

 $count = $query->num_rows; // if uname/password are correct returns must be 1 row

 if (password_verify($hashed, $row['psw']) && $count==1) {
  $_SESSION['userSession'] = $row['user_id'];
  header("Location: student.php");
 } else {
  $msg = "<div>
  Wrong E-mail or Password!
</div>";
 }
 $DBcon->close();
}

0 个答案:

没有答案