使用PDO和SHA1登录



我是 PDO 的新手，对这些函数以及如何让它们正确配合工作有点摸不着头脑！

我已经创建了插入新用户的函数,现在,我正在尝试执行登录函数。

我用下面这个函数为密码生成盐值（严格地说，密码应该是被“哈希”而不是被“加密”——哈希是单向的，不需要也不应该能还原）：

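/**
 * Return a 40-character hexadecimal salt.
 *
 * The original implementation derived the salt from sha1($username.$timestamp) and
 * then shuffled those characters with rand(). That gave a predictable salt (username
 * and registration time are both easy to guess) drawn from a non-cryptographic PRNG,
 * and the loop ran $i = 0..40 inclusive, producing 41 characters instead of 40.
 * The salt now comes from random_bytes() (PHP >= 7.0); $username and $timestamp are
 * kept only so existing callers keep compiling and are ignored.
 *
 * Note that the registration code on this page never mixes this salt into the stored
 * hash at all. password_hash()/password_verify() generate, store and check their own
 * salt, which is the recommended replacement for this helper.
 *
 * @param string $username  unused, kept for signature compatibility
 * @param int    $timestamp unused, kept for signature compatibility
 * @return string 40 lowercase hex characters (20 random bytes)
 * @throws Exception if no cryptographically secure randomness source is available
 */
function create_salt($username, $timestamp)
{
    // 20 random bytes -> 40 hex characters, the length of a sha1() digest,
    // so anything sized for the old output still fits
    return bin2hex(random_bytes(20));
}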

,对于用户插入:

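/**
 * Register a new user: create the account row, the user profile row and an
 * audit-log entry inside one transaction, echoing progress as it goes.
 *
 * Security changes versus the original listing:
 *  - The password was stored as unsalted sha1($password); the salt from create_salt()
 *    was written to a_password_salt but never mixed into the hash. The password is
 *    now stored as password_hash() output (bcrypt, cost 11), which embeds its own
 *    random salt. a_password_salt is still written so the INSERT matches the existing
 *    table, but it is informational only.
 *    NOTE(review): bcrypt output is 60 characters, sha1 was 40 — confirm the width of
 *    a_password. Bcrypt also only looks at the first 72 bytes of the password.
 *  - $e->getMessage() was echoed to the browser on failure; it can contain table and
 *    column names and fragments of the failing SQL. The detail now goes to error_log()
 *    and only the SQLSTATE/driver code is shown to the user.
 *  - 'tout s'est bien passé.' and 'Tout ne s'est pas …' contained an unescaped
 *    apostrophe inside a single-quoted literal (a parse error); they are now escaped.
 *  - rollBack() is only called when a transaction is actually open; otherwise PDO
 *    throws a second exception from inside the catch block.
 *  - $_SERVER['REMOTE_ADDR'] is read with isset() so a CLI run does not emit a notice.
 *
 * NOTE(review): the try/catch only works if dbConnect() sets PDO::ATTR_ERRMODE to
 * PDO::ERRMODE_EXCEPTION; otherwise prepare()/execute() return false silently and
 * nothing is rolled back — confirm in dbConnect().
 *
 * Behaviour kept: progress messages are echoed after each step and the script
 * exit()s after a failure, exactly as before.
 *
 * @param string $password     plain-text password; only its bcrypt hash is stored
 * @param string $email
 * @param mixed  $role         value for t_users.t_roles_role_id
 * @param string $title
 * @param string $first_name
 * @param string $last_name
 * @param string $phone
 * @param string $mobile_phone
 * @param string $address
 * @param string $postal_code
 * @param string $postal_case
 * @param string $city
 * @param string $country
 * @param string $agent_number
 * @return void
 */
function userRegister($password,$email,$role,$title,$first_name,$last_name,$phone,$mobile_phone,$address,
                  $postal_code,$postal_case,$city,$country,$agent_number)
{
    // generate username
    $username = createUsername($first_name, $last_name, $email);
    // create salt: only kept to fill a_password_salt, bcrypt does not use it (see above)
    $password_salt = create_salt($username, time());
    // hash (not "encrypt") the password: bcrypt is salted and deliberately slow
    $cryptedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));
    // the client address is absent when run from the CLI
    $clientIPv4 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // create new pdo object
    $pdo = dbConnect();
    try
    {
        $pdo->beginTransaction();
        // create the account, allowing the user to log in
        $req = $pdo->prepare("INSERT INTO t_accounts (a_creation,a_last_change,a_username,a_password,a_password_salt,a_email)
                    VALUES (NOW(),NOW(),:username,:cryptedPassword,:password_salt,:email)");
        $req->execute(array(
            'username'          =>  $username,
            'cryptedPassword'   =>  $cryptedPassword,
            'password_salt'     =>  $password_salt,
            'email'             =>  $email
        ));
        echo 'Account added';
        $lastAccountID = $pdo->lastInsertId();
        // create the user; the account id is bound explicitly rather than relying on
        // LAST_INSERT_ID() inside the SQL, so the link between the rows is visible here
        $req2 = $pdo->prepare("INSERT INTO t_users (t_roles_role_id,t_accounts_account_id,u_creation,u_last_change,
                    u_title,u_first_name,u_last_name,u_phone,u_mobile_phone,u_address,u_postal_code,
                    u_postal_case,u_city,u_country,u_agent_number)
                    VALUES (:role,:account_id,NOW(),NOW(),:title,:first_name,:last_name,:phone,
                    :mobile_phone,:address,:postal_code,:postal_case,:city,:country,:agent_number)");
        $req2->execute(array(
            'role'              =>  $role,
            'account_id'        =>  $lastAccountID,
            'title'             =>  $title,
            'first_name'        =>  $first_name,
            'last_name'         =>  $last_name,
            'phone'             =>  $phone,
            'mobile_phone'      =>  $mobile_phone,
            'address'           =>  $address,
            'postal_code'       =>  $postal_code,
            'postal_case'       =>  $postal_case,
            'city'              =>  $city,
            'country'           =>  $country,
            'agent_number'      =>  $agent_number
        ));
        echo 'User added';
        $lastUserID = $pdo->lastInsertId();
        // open the logs for this account
        $req3 = $pdo->prepare("INSERT INTO t_accounts_logs (al_date,al_ipv4,al_ipv6,al_description,al_username)
                    VALUES (NOW(),:al_ipv4,:al_ipv6,:al_description,:al_username)");
        $req3->execute(array(
            'al_ipv4'           =>  $clientIPv4,
            'al_ipv6'           =>  '',
            'al_description'    =>  'Création du user '.$lastUserID.'/'.$first_name.' '.$last_name.' avec le compte '.$lastAccountID.'/'.$username,
            'al_username'       =>  $username
        ));
        echo 'Log added';
        $pdo->commit();
        echo 'tout s\'est bien passé.';
    }
    catch(Exception $e)
    {
        // rollback the transaction, but only if one is open (rollBack() throws otherwise)
        if ($pdo->inTransaction())
        {
            $pdo->rollBack();
        }
        // keep the driver message server-side; it leaks schema and SQL to the browser
        error_log('userRegister failed: ' . $e->getMessage() . ' (code ' . $e->getCode() . ')');
        echo 'Tout ne s\'est pas bien passé, voir les erreurs ci-dessous<br />';
        echo 'N° : '.$e->getCode();
        // exit the catch to avoid the next errors
        exit();
    }
}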

一切正常

现在,我正在尝试做登录功能,我需要检查用户名,电子邮件和密码是否正确。

我目前写到这里：

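/**
 * Check a username / e-mail / password triple against t_accounts and echo the result.
 *
 * This version matches the first userRegister() on this page, which stores an
 * unsalted sha1($password) in a_password. Changes versus the original listing:
 *  - The password hash is no longer sent to the database as a WHERE condition. The
 *    row is fetched by username + e-mail and the hash is compared in PHP with
 *    hash_equals(), which is constant-time and keeps the check in one place.
 *  - The row count is taken from fetchAll() instead of rowCount(); PDO does not
 *    guarantee rowCount() for SELECT statements on every driver.
 *  - The exception detail is sent to error_log() instead of being dropped.
 *
 * Security caveats that remain, and that the final script further down fixes:
 *  - unsalted sha1 is not an acceptable password hash; use password_hash() and
 *    password_verify() instead.
 *  - NOTE(review): the try/catch assumes dbConnect() enables PDO::ERRMODE_EXCEPTION.
 *
 * Observable output is unchanged: 'logged in' when exactly one row matches and the
 * hash agrees, 'user does not exist' otherwise (including a wrong password), and
 * 'could not retrieve data from database' on a database error.
 *
 * @param string $fusername username from the form
 * @param string $fpassword plain-text password from the form
 * @param string $femail    e-mail from the form
 * @return void
 */
function loginUser($fusername,$fpassword,$femail)
{
    $pdo = dbConnect();
    // sha1 of the submitted password, to compare with what userRegister() stored
    // (unsalted sha1 is NOT an adequate password hash — see the doc comment)
    $submittedHash = sha1($fpassword);
    try
    {
        // look the account up by identity only; the hash comparison happens in PHP below
        $req = $pdo->prepare("SELECT a_username, a_password, a_password_salt,a_email
                            FROM t_accounts WHERE t_accounts.a_username = :username
                            AND t_accounts.a_email = :email;");
        $req->execute(array(
            ":username" => $fusername,
            ":email"    => $femail
        ));
        // fetchAll() rather than rowCount(): the original required exactly one row
        $rows = $req->fetchAll(PDO::FETCH_OBJ);
        $matched = count($rows) === 1
            && is_string($rows[0]->a_password)
            && hash_equals($rows[0]->a_password, $submittedHash);
        if ($matched)
        {
            echo 'logged in';
        }
        else
        {
            // same message for "no such user" and "wrong password", as in the original
            echo 'user does not exist';
        }
    }
    catch (Exception $e)
    {
        // detail stays server-side; the user only gets the generic message
        error_log('loginUser failed: ' . $e->getMessage());
        echo "could not retrieve data from database" ;
    }
}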

我在找一些教程,像这个:https://x10hosting.com/community/threads/question-log-in-pages-with-pdo.192294/#post-923672但他没有测试密码与盐。

如果我还需要校验盐值，这个函数的写法对吗？我应该在判断逻辑里改什么？

你需要把盐值和哈希后的密码一起从数据库查出来，用同一个盐值对用户输入的密码重新计算哈希，再比较两个哈希值。不过更省事也更安全的做法是直接使用 password_hash() / password_verify()：它们会自动生成、存储并校验盐值，不需要单独的 salt 列。

下面是我最终可用的脚本，以备将来有人需要：

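/**
 * Register a new user: create the account row, the user profile row and an
 * audit-log entry inside one transaction, echoing progress as it goes.
 *
 * The password is stored as password_hash() output (bcrypt, cost 11); bcrypt embeds
 * its own random salt, so no separate salt column is needed. Bcrypt only looks at
 * the first 72 bytes of the password, and its output is 60 characters — make sure
 * a_password is at least that wide.
 *
 * Security changes versus the original listing:
 *  - $e->getMessage() was echoed to the browser on failure; it can contain table and
 *    column names and fragments of the failing SQL. The detail now goes to error_log()
 *    and only the SQLSTATE/driver code is shown to the user.
 *  - 'tout s'est bien passé.' and 'Tout ne s'est pas …' contained an unescaped
 *    apostrophe inside a single-quoted literal (a parse error); they are now escaped.
 *  - rollBack() is only called when a transaction is actually open; otherwise PDO
 *    throws a second exception from inside the catch block.
 *  - $_SERVER['REMOTE_ADDR'] is read with isset() so a CLI run does not emit a notice.
 *
 * NOTE(review): the try/catch only works if dbConnect() sets PDO::ATTR_ERRMODE to
 * PDO::ERRMODE_EXCEPTION; otherwise prepare()/execute() return false silently and
 * nothing is rolled back — confirm in dbConnect().
 *
 * Behaviour kept: progress messages are echoed after each step and the script
 * exit()s after a failure, exactly as before.
 *
 * @param string $password     plain-text password; only its bcrypt hash is stored
 * @param string $email
 * @param mixed  $role         value for t_users.t_roles_role_id
 * @param string $title
 * @param string $first_name
 * @param string $last_name
 * @param string $phone
 * @param string $mobile_phone
 * @param string $address
 * @param string $postal_code
 * @param string $postal_case
 * @param string $city
 * @param string $country
 * @param string $agent_number
 * @return void
 */
function userRegister($password,$email,$role,$title,$first_name,$last_name,$phone,$mobile_phone,$address,
                  $postal_code,$postal_case,$city,$country,$agent_number)
{
    // generate username
    $username = createUsername($first_name, $last_name, $email);
    // hash (not "encrypt") the password: bcrypt is salted and deliberately slow
    $cryptedPassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));
    // the client address is absent when run from the CLI
    $clientIPv4 = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // create new pdo object
    $pdo = dbConnect();
    try
    {
        $pdo->beginTransaction();
        // create the account, allowing the user to log in
        $req = $pdo->prepare("INSERT INTO t_accounts (a_creation,a_last_change,a_username,a_password,a_email)
                    VALUES (NOW(),NOW(),:username,:cryptedPassword,:email)");
        $req->execute(array(
            'username'          =>  $username,
            'cryptedPassword'   =>  $cryptedPassword,
            'email'             =>  $email
        ));
        echo 'Account added';
        $lastAccountID = $pdo->lastInsertId();
        // create the user; the account id is bound explicitly rather than relying on
        // LAST_INSERT_ID() inside the SQL, so the link between the rows is visible here
        $req2 = $pdo->prepare("INSERT INTO t_users (t_roles_role_id,t_accounts_account_id,u_creation,u_last_change,
                    u_title,u_first_name,u_last_name,u_phone,u_mobile_phone,u_address,u_postal_code,
                    u_postal_case,u_city,u_country,u_agent_number)
                    VALUES (:role,:account_id,NOW(),NOW(),:title,:first_name,:last_name,:phone,
                    :mobile_phone,:address,:postal_code,:postal_case,:city,:country,:agent_number)");
        $req2->execute(array(
            'role'              =>  $role,
            'account_id'        =>  $lastAccountID,
            'title'             =>  $title,
            'first_name'        =>  $first_name,
            'last_name'         =>  $last_name,
            'phone'             =>  $phone,
            'mobile_phone'      =>  $mobile_phone,
            'address'           =>  $address,
            'postal_code'       =>  $postal_code,
            'postal_case'       =>  $postal_case,
            'city'              =>  $city,
            'country'           =>  $country,
            'agent_number'      =>  $agent_number
        ));
        echo 'User added';
        $lastUserID = $pdo->lastInsertId();
        // open the logs for this account
        $req3 = $pdo->prepare("INSERT INTO t_accounts_logs (al_date,al_ipv4,al_ipv6,al_description,al_username)
                    VALUES (NOW(),:al_ipv4,:al_ipv6,:al_description,:al_username)");
        $req3->execute(array(
            'al_ipv4'           =>  $clientIPv4,
            'al_ipv6'           =>  '',
            'al_description'    =>  'Création du user '.$lastUserID.'/'.$first_name.' '.$last_name.' avec le compte '.$lastAccountID.'/'.$username,
            'al_username'       =>  $username
        ));
        echo 'Log added';
        $pdo->commit();
        echo 'tout s\'est bien passé.';
    }
    catch(Exception $e)
    {
        // rollback the transaction, but only if one is open (rollBack() throws otherwise)
        if ($pdo->inTransaction())
        {
            $pdo->rollBack();
        }
        // keep the driver message server-side; it leaks schema and SQL to the browser
        error_log('userRegister failed: ' . $e->getMessage() . ' (code ' . $e->getCode() . ')');
        echo 'Tout ne s\'est pas bien passé, voir les erreurs ci-dessous<br />';
        echo 'N° : '.$e->getCode();
        // exit the catch to avoid the next errors
        exit();
    }
}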

第二个函数（登录）：

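/**
 * Check a username / e-mail / password triple against t_accounts and echo the result.
 *
 * The stored value in a_password is password_hash() output, so the check is done
 * with password_verify(), which reads the salt and cost out of the hash itself.
 *
 * Security changes versus the original listing:
 *  - $_SERVER['HTTP_REFERER'] was written straight into an href attribute. The
 *    Referer header is supplied by the client, so this was a reflected XSS sink;
 *    it is now passed through htmlspecialchars() with ENT_QUOTES. A fixed URL for
 *    the login form would be better still, since the header may also be absent.
 *  - The row count is taken from fetchAll() instead of rowCount(); PDO does not
 *    guarantee rowCount() for SELECT statements on every driver.
 *  - SELECT * is replaced by the three columns the function reads.
 *  - The exception detail is sent to error_log() instead of being dropped.
 *  - `<a ... />Retourner au formulaire</a>` was a self-closing anchor followed by a
 *    stray closing tag; it is now a normal <a>…</a>.
 *  - `echo "rn";` looks like `"\r\n"` with the backslashes lost in the paste and is
 *    written that way here — presumably a line break was intended; verify.
 *
 * Remaining caveat: 'user does not exist' and 'Identifiants incorrects' let a caller
 * tell an unknown account from a wrong password (user enumeration). The messages are
 * kept to preserve the original output; a single generic failure message is safer.
 * NOTE(review): the try/catch assumes dbConnect() enables PDO::ERRMODE_EXCEPTION.
 *
 * @param string $fusername username from the form
 * @param string $fpassword plain-text password from the form
 * @param string $femail    e-mail from the form
 * @return void
 */
function loginUser($fusername,$fpassword,$femail)
{
    $pdo = dbConnect();
    try
    {
        // look the account up by identity; the password is checked in PHP below
        $req = $pdo->prepare("SELECT a_username, a_password, a_email
                            FROM t_accounts WHERE t_accounts.a_username = :username
                            AND t_accounts.a_email = :email;");
        $req->execute(array(
            ":username" => $fusername,
            ":email"    => $femail
        ));
        // fetchAll() rather than rowCount(): the original required exactly one row
        $rows = $req->fetchAll(PDO::FETCH_OBJ);
        if (count($rows) !== 1)
        {
            echo 'user does not exist';
            return;
        }
        $account = $rows[0];
        // password_verify() re-hashes with the salt/cost embedded in a_password
        if (is_string($account->a_password) && password_verify($fpassword, $account->a_password))
        {
            echo 'Identifiants corrects';
            return;
        }
        echo 'Identifiants incorrects';
        echo "\r\n";
        // Referer is client-controlled: escape it for the attribute context, and
        // tolerate its absence (browsers do not always send it)
        $backUrl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        echo '<a href="' . htmlspecialchars($backUrl, ENT_QUOTES, 'UTF-8') . '">Retourner au formulaire</a>';
    }
    catch (Exception $e)
    {
        // detail stays server-side; the user only gets the generic message
        error_log('loginUser failed: ' . $e->getMessage());
        echo "could not retrieve data from database" ;
    }
}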
