PHP-与数据库的哈希密码比较

时间:2019-01-22 01:05:27

标签: php

我现在正在学习如何使用PHP创建登录名/注册,到目前为止进展顺利。我遇到了一个问题,试图将密码输入与存储的值进行比较。

使用password_hash对数据库中的存储值进行哈希处理,在进行比较时,我使用准备好的语句来选择存储值,并使用password_verify。我研究了其他各种问题,并尝试重复了他们所做的事情,但似乎没有任何用处。

任何人都可以提供帮助吗?

$2y$10$DEU9mpArXX6lLVuaFm4jj..Djki1kllwhSKdB7WSkqtDjgGkQMUhC

登录文件


    require "databaseConnect.php";    

    if (isset($_POST["user-username"]) && isset($_POST["user-password"])) {

        $input_username = $_POST["user-username"];
        $input_password = $_POST["user-password"];

        //check if user exists

        $username_query = $dbConn->prepare("SELECT * FROM user_info WHERE username=?");
        $username_query->bind_param("s", $input_username);
        $username_query->execute();
        $username_query->store_result();


        $verifypw = $dbConn->prepare("SELECT password FROM user_info WHERE username=?");
        $verifypw->bind_param("s", $input_username);
        $verifypw->execute();
        $verifypw->bind_result($checkPw);     
        $verifypw->fetch();
        $verifypw->close();

        $passwordsMatch = password_verify($input_password, $checkPw);

        if ($username_query->num_rows == 0) {

            //user doesnt exist
            echo "0";
            $username_query->close();

        } else {

            if ($passwordsMatch) {

                echo "passwords match";

            } else {

                echo "passwords don't match";

            }
        }
    }

?>

<?php

    session_start();

    require "databaseConnect.php";

    if (isset($_POST["user-username"]) && isset($_POST["user-email"]) && isset($_POST["user-password"])) {

        $input_email = $_POST["user-email"];
        $input_username = $_POST["user-username"];
        $input_password = $_POST["user-password"];
        $input_password = password_hash($password, PASSWORD_DEFAULT);

         //check if user exists in database

        $username_query = $dbConn->prepare("SELECT * FROM user_info WHERE username=?");
        $username_query->bind_param("s", $input_username);
        $username_query->execute();
        $username_query->store_result();

        $email_query = $dbConn->prepare("SELECT * FROM user_info WHERE email=?");
        $email_query->bind_param("s", $input_email);
        $email_query->execute();
        $email_query->store_result();

        if ($username_query->num_rows > 0 || $email_query->num_rows > 0) {

            //cant create user, already exists
            $username_query->close();
            $email_query->close();

            echo "0";

        } else {

            //create user

            $username_query->close();

            $user_create = $dbConn->prepare("INSERT INTO user_info (username, email, password) 
            VALUES(?, ?, ?)");
            $user_create->bind_param("sss", $input_username, $input_email, $input_password);
            $user_create->execute();
            $user_create->close();

            echo "1";
                
        }

    }

?>

0 个答案:

没有答案