donglv1831
2017-09-30 18:39
浏览 140
已采纳

如何检查数据库的哈希密码

I am looking to check the username and password that are entered are equal to the username and password stored in mysql database.

I have used password_hash() to hash the password and stored them into table. But I don't know, how to check if they are the same or not.

HTML

<!DOCTYPE HTML>  
<html>
<head>
<style>
    .error {color: #FF0000;}
</style>
</head>
<body>

<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Password: <input type="password" name="password">
<span class="error">* <?php echo $passwordErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>

PHP

<?php
error_reporting(E_ALL | E_STRICT);

$servername = "localhost";
$serverUsername = "root";
$serverPassword = "";

// Create connection
$conn = mysqli_connect($servername, $serverUsername, $serverPassword);
mysqli_select_db($conn, 'users');

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";

if (isset($_POST["submit"])) {
    $query = mysqli_prepare($conn, "SELECT * FROM user_logons WHERE Username = ? AND Password = ?");
    mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
    mysqli_stmt_execute($query);
    $username = mysqli_real_escape_string($conn, $_POST["username"]);
    $password = password_hash($_POST["password"], PASSWORD_BCRYPT);
    mysqli_stmt_close($query);

}

$usernameErr = $passwordErr = "";

mysqli_close($conn);
?>

Also, do I have to escape the password input if it is hashed?

图片转代码服务由CSDN问答提供 功能建议

我希望检查输入的用户名和密码是否等于存储在mysql数据库中的用户名和密码。

我使用 password_hash()来散列密码并将其存储到表中。 但我不知道,如何检查它们是否相同。

HTML

 &lt;!DOCTYPE HTML&gt;  
&lt; html&gt; 
&lt; head&gt; 
&lt; style&gt; 
 .error {color:#FF0000;} 
&lt; / style&gt; 
&lt; / head&gt; 
&lt; body&gt; 
 
&lt; h2&gt;  PHP表单验证示例&lt; / h2&gt; 
&lt; p&gt;&lt; span class =“error”&gt; *必填字段。&lt; / span&gt;&lt; / p&gt; 
&lt; form method =“post”action =“&lt  ;?php echo htmlspecialchars($ _ SERVER [“PHP_SELF”]);?&gt;“&gt;  
用户名:&lt; input type =“text”name =“username”&gt; 
&lt; span class =“error”&gt; *&lt;?php echo $ usernameErr;?&gt;&lt; / span&gt; 
&lt; br&gt;  ;&lt; br&gt; 
密码:&lt; input type =“password”name =“password”&gt; 
&lt; span class =“error”&gt; *&lt;?php echo $ passwordErr;?&gt;&lt; / span&gt;  ; 
&lt; br&gt;&lt; br&gt; 
&lt; input type =“submit”name =“submit”value =“Submit”&gt; 
 
&lt; / form&gt; 
&lt; / body&gt; 
&lt; / html&gt  ; 
   
 
 

PHP

   &lt;?php 
error_reporting(E_ALL | E_STRICT); 
 
 $ servername =“localhost”; 
 $ serverUsername =“root”; 
 $ serverPassword =“”; 
 
 //创建连接
  $ conn = mysqli_connect($ servername,$ serverUsername,$ serverPassword); 
mysqli_select_db($ conn,'users'); 
 
 //检查连接
if(!$ conn){
 die(“连接失败:  “.mysqli_connect_error()); 
} 
echo”已成功连接“; 
 
if(isset($ _ POST [”submit“])){
 $ query = mysqli_prepare($ conn,”SELECT * FROM user_logons WHERE 我们 ername =?  AND Password =?“); 
 mysqli_stmt_bind_param($ query,'ss',$ username,$ password); 
 mysqli_stmt_execute($ query); 
 $ username = mysqli_real_escape_string($ conn,$ _POST [”username“]  ); 
 $ password = password_hash($ _ POST [“password”],PASSWORD_BCRYPT); 
 mysqli_stmt_close($ query); 
 
} 
 
 $ usernameErr = $ passwordErr =“”; 
 
mysqli_close  ($ conn); 
?&gt; 
   
 
 

此外,如果密码被输入,我是否必须转义密码输入?

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douxianxing5712 2017-09-30 18:43
    已采纳

    You need to get the input password hashed again and before binding it with your prepare statement. You need to make sure, you are using same encryption method, which was used for storing.

    $username = mysqli_real_escape_string($conn, $_POST["username"]);
    $password = password_hash($_POST["password"], PASSWORD_BCRYPT); 
    
    mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
    mysqli_stmt_execute($query);
    

    Edited:

    As suggested by @Devon in comment, you could also use password_verify

    打赏 评论

相关推荐 更多相似问题