drouie2014 2017-01-28 16:54
浏览 38
已采纳

Password_verify,PDO

I have a problem with hashing my password (b-crypt). I have accomplished succesfully this function on user registration : $hashed = password_hash($password, PASSWORD_DEFAULT);. But I don't know how to implement this line of code password_verify($password, $hashed_password) to my code.

This is a segment of a class User:

class User{
    private $db;
    public function __construct() {
        $this->db = new Database(); 
    }

public function getLoginUser($email, $password){
        $sql = "SELECT * FROM tbl_user WHERE email = :email AND password = :password LIMIT 1";
        $query = $this->db->pdo->prepare($sql);
        $query->bindValue(':email', $email);
        $query->bindValue(':password', $password);
        $query->execute();
        $result = $query->fetch(PDO::FETCH_OBJ);
        return $result;
    }

    public function userLogin($data){
        $email    = $data['email'];
        $password = $data['password'];
        $chk_email = $this->emailCheck($email);

        if ($email == "" OR $password == "") {
            $msg = "<div class='alert alert-danger'><strong>Error! </strong>Field must not be Empty!</div>";
            return $msg;
        }   

        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $msg = "<div class='alert alert-danger'><strong>Error! </strong>The E-mail address is not valid!</div>";
            return $msg;
        }

        if ($chk_email == false) {
            $msg = "<div class='alert alert-danger'><strong>Error! </strong>The E-mail address Not Exist!</div>";
            return $msg;
        }

        if (password_verify('password', $hashed)) {
            echo 'Password is valid!';
        } else {
            echo 'Invalid password.';
        }

        $result = $this->getLoginUser($email, $password);   

        if ($result) {
            Session::init();
            Session::set("login", true);
            Session::set("id", $result->id);
            Session::set("name", $result->name);
            Session::set("username", $result->username);
            Session::set("loginmsg", "<div class='alert alert-success'><strong>Success! </strong>You are Logged In!</div>");
            header("Location: index.php");
        } else {
            $msg = "<div class='alert alert-danger'><strong>Error! </strong>Data not found!</div>";
            return $msg;
        }
    }

And this is my login.php with the function userLogin($_POST); .

<?php
$user = new User();
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
    $usrLogin = $user->userLogin($_POST);
}

Can someone PLEASE HELP me with this problem? It will be helpfully if you can write that code (segment) for me.

Thank you and

Reegards!

  • 写回答

1条回答 默认 最新

  • dongre6404 2017-01-28 17:04
    关注

    You use password_hash to store the hashed password to database

    $hashed = password_hash($password, PASSWORD_DEFAULT);

    On your login page you need to retrieve the old hashed password from database based on the user's email and check it against the posted password like this

    $password = $_POST['password'];
if (password_verify($password, $hashed_password_from_database)) {
   // login
} else {
   // error login failed
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀