这是我的代码
if(isset($_POST['submitlogin']) && !empty($_POST['usernamelogin']) && !empty($_POST['passwordlogin']))
{
$inUsername=$_POST["usernamelogin"];
$inPassword=$_POST["passwordlogin"];
$stmt = $con->prepare("SELECT Username ,Password FROM users WHERE Username = ? AND Password = ? ");
$stmt->bind_param('ss', $inUsername, $inPassword);
$stmt->execute();
$stmt->bind_result($inUsername, $inPassword);
$stmt -> fetch();
我认为这是绑定>结果的问题,你能告诉我它是什么吗
$hash = $inPassword;
$passwordcheck = password_verify($inPassword, $hash);
if($hash == $passwordcheck)
{
$_SESSION['username']=$inUsername;
?>
<script>
window.location.href = 'someaddress.php';
</script>
<?php
}
else
{
echo "<h1>Incorrect username or password</h1>";
}
. }
直接从 PHP 网站获取,作为您将传递给函数的数据类型的示例。
password_verify
验证密码是否与哈希匹配
布尔password_verify(字符串$password,字符串$hash(
<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf', $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
password_hash
password_hash — 创建密码哈希
字符串 password_hash (字符串 $password , 整数 $algo [, 数组 $options ] (
<?php
/**
* We just want to hash our password using the current DEFAULT algorithm.
* This is presently BCRYPT, and will produce a 60 character result.
*
* Beware that DEFAULT may change over time, so you would want to prepare
* By allowing your storage to expand past 60 characters (255 would be good)
*/
echo password_hash("rasmuslerdorf", PASSWORD_DEFAULT)."n";
?>
The above example will output something similar to:
$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a
我仍然有 PHP 5.3.2,所以在我重建笔记本电脑之前password_verify
和password_hash
不可用,但我想你可能会这样使用它:
if( isset(
$_POST['submitlogin'],
$_POST['usernamelogin'],
$_POST['passwordlogin']
) && !empty( $_POST['usernamelogin'] ) && !empty( $_POST['passwordlogin'] ) ){
$inUsername=$_POST["usernamelogin"];
$inPassword=$_POST["passwordlogin"];
/* select two fields but only use username in where clause */
$stmt = $con->prepare("select `username`, `password` from `users` where `username` = ?");
if( $stmt ){
$stmt->bind_param('s', $inUsername );
$stmt->execute();
/* bind the results */
$stmt->bind_result( $username, $hashed_password );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
/* use the given password and the returned hashed password - see if they match */
if( password_verify( $inPasswordDB, $hashed_password ) ){
$_SESSION['username']=$inUsername;
header( "location: UserProfile.php" );
} else {
echo "<h1>Incorrect username or password</h1>";
}
} else {
echo "statement failed";
}
}