我试图为我的网站创建一个登录系统,我可以哈希密码并将哈希数据插入数据库,但检索它有点不同。
我正在我的页面搜索上一页中给定用户名的(哈希密码),以及上一页中给定的密码。然后获取我的代码以查看两个密码是否匹配,但是,我没有得到值返回。是的,我正在回应它,并提出建议吗?
<?php
session_start();
include 'dbh.php';
$Username = $_POST['Username'];
$Password = $_POST['Password'];
$sql = "SELECT * FROM account WHERE Username='$Username'";
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$UsernameActualhashedPassword = $row['Password'];
}
$input = $Password;
echo $input;
echo $UsernameActualhashedPassword;
echo password_verify($input, $UsernameActualhashedPassword);
答案 0 :(得分:0)
试试这个并查找Sanitizing user for secure login
<?php
session_start();
include 'dbh.php';
$Username = $_POST['Username'];
$Password = $_POST['Password'];
$hashpass = hash_fun($password); // use the same hash function which you have used in the signup
$sql = "SELECT count(*) FROM account WHERE Username='$Username' and
password='$hashpass'";
$result = $conn->query($sql);
if($result>0)
echo "Login success";
else echo "wrong username or password";
?>