1. 首页
  2. 问答
  3. PHP哈希概率

PHP哈希概率

2015-06-04 52 views
1

我正在做一个注册/登录,我不能得到哈希密码匹配。PHP哈希概率

if(isset($_POST["pass"])) { 
    $pass = $_POST["pass"]; 
    $options = array('cost' => 11); 
    $pass = password_hash("$pass", PASSWORD_BCRYPT, $options)."\n";  
} 

$sql2 = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)'); 
$sql2->execute(array(':email' => $email,':password' => $pass, ':nick' => $nick));

在数据库中输入了散列密码。

现在,我如何使登录密码与数据库中的密码相匹配?

if(isset($_POST["pass"])) { 
    ? ? ? ? ?  
} 



$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick AND Password=:password"); 
    $sql->bindParam(':nick', $_POST['lognick']); 
    $sql->bindParam(':password', $pass); 
    $sql->execute(); 

    if($row = $sql->fetch()){ 
     $_SESSION['lognick'] = $row['lognick']; 
     $_SESSION['lognick'] = $_POST["lognick"]; 
     $_SESSION['time'] = time(); 
     header("Location: Logged.php"); 
} 
else { 
    $_SESSION['error'] .= "Pass and Nick don't match. "; 
    header("Location: Login.php"); 
}

不知道该怎么办?

来源

2015-06-04 Mark

+1

[不要限制密码(http://jayblanchard.net/security_fail_passwords.html)和[使用适当的方法与哈希密码PHP(http://jayblanchard.net/proper_password_hashing_with_PHP.html) 。 –

回答

4

什么你需要做的是找到在数据库中的用户名和检索的哈希值,然后将它传递给password_verify

$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick"); 
// PDO binds and execute here 
if($row = $sql->fetch()) { 
    if(!password_verify($_POST['password'], $row['Password']) { //login fail

来源

2015-06-04 20:27:54 Machavity

+0

非常感谢。我永远不会独自解决它。 – Mark

0

查找密码哈希,然后检查输入的密码如下:

if (password_verify($_POST['pass'], $row['Password'])) { 
    // Logged in 
} else { 
    // Wrong password 
}

来源

2015-06-04 20:27:16

相关问题

 相关问题