如何在PHP上取消哈希密码

时间:2018-05-11 11:30:27

标签: php hash

我已经用HTML和PHP和MySQL制作了一个基本的登录和注册表单... 通过注册用户我散列密码并在登录用户时,我无法解密密码。我也使用了password_verify函数,但它似乎不起作用.... 我该怎么办???

这是我的代码(登录脚本): -

   <?php

session_start();

if (isset($_POST['Register'])) {

  include 'dbh.inc.php';

  $Username = mysqli_real_escape_string($conn, $_POST['Username']);
  $Password = mysqli_real_escape_string($conn, $_POST['Password']);

  //ERROR HANDLING
  if (empty($Username) || empty($Password)) {
    header("Location: ../index.php?login=empty");
    exit();
  } else{
    $sql = "SELECT * FROM users WHERE username='$Username' OR email='$Username'";
    $result = mysqli_query($conn, $sql);
    $resultcheck = mysqli_num_rows($result);
    if ($resultcheck < 1) {
      header("Location: ../index.php?login=failure1");
      exit();
    } else {
      if ($row = mysqli_fetch_assoc($result)) {
        //DEHASHING PASSWORD
        $hashedpwdCheck = password_verify($Password, $row["password"]);
        if ($hashedpwdCheck == false) {
          header("Location: ../index.php?login=failure2");
          exit();
        } elseif ($hashedpwdCheck == true) {
          //LOGINING IN THE USER
          $_SESSION['username'] = $row[$Username];

          header("Location: ../index.php?login=success");
          exit();
        }
      }
    }
  }
} else {
  header("Location: ../index.php?login=failure3");
  exit();
}

这是注册表格: -

<?php

if (isset($_POST['Register'])) {

  include_once 'dbh.inc.php';

  $First = mysqli_real_escape_string($conn, $_POST['FName']);
  $Last = mysqli_real_escape_string($conn, $_POST['LName']);
  $Email = mysqli_real_escape_string($conn, $_POST['Email']);
  $Email2 = mysqli_real_escape_string($conn, $_POST['Email2']);
  $UName = mysqli_real_escape_string($conn, $_POST['UName']);
  $Password = mysqli_real_escape_string($conn, $_POST['Password']);
  $Password2 = mysqli_real_escape_string($conn, $_POST['Password2']);
  $Date = date("Y-m-d");


  //ERROR HANDLING
  //CHECKING FOR EMPTY FIELDSif
  if (empty($First) || empty($Last) || empty($Email) || empty($Email2) || empty($UName) || empty($Password) || empty($Password2)) {
    header("Location: ../index.php?signup=empty");
    exit();
  } else {
    //CHECKING IS INPUT IS VALID
    if (!preg_match("/^[a-zA-Z]*$/", $First) || !preg_match("/^[a-zA-Z]*$/", $Last)) {
      header("Location: ../index.php?signup=invalid");
      exit();
    } else {
      //VALIDATING Email
      if (!filter_var($Email, FILTER_VALIDATE_EMAIL) || !filter_var($Email2, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../index.php?signup=email");
        exit();
      } else {
        $sql = "SELECT * FROM users WHERE username='$UName'";
        $result = mysqli_query($conn, $sql);
        $resultcheck = mysqli_num_rows($result);
        if ($resultcheck > 0) {
          header("Location: ../index.php?signup=user_taken");
          exit();
        } else {
          //HASHING Password
          $hashpwd = password_hash($Password, PASSWORD_DEFAULT);
          //INSERTING USER INTO DATABASE
          $sql = "INSERT INTO users (first_name, last_name, email, username,    password, date_signup) VALUES ('$First', '$Last', '$Email', '$UName', '$hashpwd', '$Date');";
          mysqli_query($conn, $sql);
          header("Location: ../index.php?signup=success");
          echo '<script>alert("Registration Done")</script>';  
          exit();
        }
      }
    }
  }
} else{
  header("Location: ../index.php");
  exit();
}

注册表格完美无缺,但登录无效

0 个答案:

没有答案