我正在做一个注册/登录,我不能得到哈希密码匹配。PHP哈希概率
if(isset($_POST["pass"])) {
$pass = $_POST["pass"];
$options = array('cost' => 11);
$pass = password_hash("$pass", PASSWORD_BCRYPT, $options)."\n";
}
$sql2 = $db->prepare('INSERT INTO Registrace (Email, Password, Nick) VALUES (:email, :password, :nick)');
$sql2->execute(array(':email' => $email,':password' => $pass, ':nick' => $nick));
在数据库中输入了散列密码。
现在,我如何使登录密码与数据库中的密码相匹配?
if(isset($_POST["pass"])) {
? ? ? ? ?
}
$sql = $db->prepare("SELECT Nick,Password FROM registrace WHERE Nick=:nick AND Password=:password");
$sql->bindParam(':nick', $_POST['lognick']);
$sql->bindParam(':password', $pass);
$sql->execute();
if($row = $sql->fetch()){
$_SESSION['lognick'] = $row['lognick'];
$_SESSION['lognick'] = $_POST["lognick"];
$_SESSION['time'] = time();
header("Location: Logged.php");
}
else {
$_SESSION['error'] .= "Pass and Nick don't match. ";
header("Location: Login.php");
}
不知道该怎么办?
[不要限制密码(http://jayblanchard.net/security_fail_passwords.html)和[使用适当的方法与哈希密码PHP(http://jayblanchard.net/proper_password_hashing_with_PHP.html) 。 –