douchuitang0331 2015-03-23 10:12

How to use PHP password_hash and password_verify to build password protection

I have some problems understanding how to use PHP 5.5.0+ password_hash and password_verify to protect page access.

Let me explain what I did. 1) When I create a new user for my webapp, I store the username and hashed password in a users table. To hash the password before storing it in the db, I use

$hashedp = password_hash($password, PASSWORD_DEFAULT);

2) On the login page I can take the password submitted by the user in the form and 'compare' it with the one stored in the database for the same user, in this way

// $password     = the password submitted by the user
// $user_hashedp = the hashed password taken from the db
if (password_verify($password, $user_hashedp)) {
    // login the user
} else {
    // show error
}

3) What I don't understand is how I can check and protect access to other pages after the user has logged in. Imagine you have another page, page1.php, that you want to show only if the user is logged in correctly. How can I build this check?

kind regards, Matt


  • doufuxing8691 2015-03-23 10:16

    As already said in the comments, you can use a session for this. Below is an example.

    session_start();
    if (password_verify($password, $user_hashedp)) {
        // login the user
        // create session for logged in user.
        $_SESSION['authorized'] = true;
    } else {
        $_SESSION['authorized'] = false;
        // show error
    }
    

    Then in authorizedusersonly.php:

    session_start();
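    // isset() avoids an undefined-index notice when no login has happened yet
    if (isset($_SESSION['authorized']) && $_SESSION['authorized'] === true) {
        // content for authorized users
    } else {
        // content for unauthorized users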
    }
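
The session check from the answer above, packaged as a reusable guard for pages such as page1.php. This is an added example, not the answerer's code: the function names, the `user_id` session key and the `login.php` redirect target are assumptions, and the cookie settings assume the site is served over HTTPS.

```php
<?php
// auth.php (hypothetical file name): include it from the login page and from
// every protected page, e.g. page1.php starts with:
//     require 'auth.php'; require_login();

function start_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
        ini_set('session.cookie_httponly', '1'); // cookie not readable from JavaScript
        ini_set('session.cookie_secure', '1');   // assumption: HTTPS only
        session_start();
    }
}

// Login step: verify the submitted password against the stored hash,
// then bind the session to the user.
function login($userId, $password, $storedHash)
{
    start_session();
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);     // fresh ID after login prevents session fixation
    $_SESSION['user_id'] = $userId;  // hypothetical key; stores who is logged in
    return true;
}

// Returns the logged-in user's ID, or null when nobody is logged in.
function current_user_id()
{
    start_session();
    return isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
}

// Guard for protected pages: redirect anonymous visitors to the login form.
function require_login()
{
    if (current_user_id() === null) {
        header('Location: login.php');
        exit; // without this the protected content below would still be sent
    }
}

// Logout: clear the session data and destroy the server-side session.
function logout()
{
    start_session();
    $_SESSION = array();
    session_destroy();
}
```

Storing the user ID rather than a bare boolean lets each protected page also check what that particular user is allowed to see.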
    