已更新：

我有我的android应用程序工作正常与纯文本密码，直到现在。我正在尝试将密码散列为下一步。无法找到错误是什么。密码加密Android，PHP

我非常肯定的是，通信罚款明文密码。我确认散列值被得到存储在DB正确（使用VARCHAR（80），用于在DB本属性）。

请帮忙。

<?php 
include("config.php"); 

session_start(); 


// username and password sent from form 


$firstName = mysqli_real_escape_string($db,$_POST["firstName"]); 

$lastName = mysqli_real_escape_string($db,$_POST["lastName"]); 

$email = mysqli_real_escape_string($db,$_POST["email"]); 

$myusername = mysqli_real_escape_string($db,$_POST["username"]); 

$mypassword = mysqli_real_escape_string($db,$_POST["password"]); 

$passwordhash = password_hash($mypassword, PASSWORD_DEFAULT); 

$sql = "INSERT into user VALUES ('$firstName', '$lastName', '$myusername', '$email', '$passwordhash')"; 


$result = mysqli_query($db,$sql); 


if($result) 
{ 

    echo "success"; 

}else{ 

    echo "failed"; 

} 



?>

的login.php

<?php 
include("config.php"); 


session_start(); 



// username and password sent from form 

$myusername = mysqli_real_escape_string($db,$_POST["username"]); 

$mypassword = mysqli_real_escape_string($db,$_POST["password"]);  

$sql = "SELECT * FROM user WHERE username = '$myusername'"; 

$result = mysqli_query($db,$sql); 
$count = mysqli_num_rows($result); 
$row = mysqli_fetch_array($result,MYSQLI_ASSOC); 
$hash = $row['password']; 

// If result matched $myusername and $mypassword, table row must be 1 row 



if(true === password_verify($mypassword,$hash)) { 

    echo "success". "\n"; 

    echo $row['firstName'] . "\n"; 

    echo $row['lastName'] . "\n"; 

    echo $row['username'] . "\n"; 

    echo $row['email'] . "\n"; 

} 
else{ 

    echo " Incorrect Login. Please try again "; 
} 


?>

来源

2017-06-07 Seshagiri Rao Kornepati

不要叫'password_hash（）'再次，而是使用'password_verify（）' –

_ “如果在Android上的方式来加密” _只需使用SSL/TLS在PHP端。 _“这样，我可以直接查询数据库，而无需在php级别执行任何加密”_不这样做。您希望存储的密码被散列，而不是纯文本。 –

见[第替代方法：在PHP Bcrypt密码哈希处理（https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016#php） – TheGreatContini