正如标题所示,当我尝试从数据库中检索用户时,我可以获得密码和用户名的匹配。 当我第一次创建用户时,我使用此方法来对密码进行哈希处理:
mysql_select_db($user);
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
function hash_password($password1, $username1) {
return hash_hmac('sha512', $password1 . $username1, $site_key);
}
$sql=mysql_query("INSERT INTO _SCD_BACKUP_USERS (username, password)
VALUES ('".$username."','".hash_password($password, $username)."')");
$r=mysql_query($sql);
if(!$r)echo "Error in query: ".mysql_error();
mysql_close();`
这似乎工作正常!以便在数据库中获取我想要的内容。当我检索信息时,我无法使用以下代码获得匹配项:
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
function hash_password($password1, $username1) {
return hash_hmac('sha512', $password1 . $username1, $site_key);
}
$encrypted = hash_password($username, $password);
$sql = 'SELECT username FROM _SCD_BACKUP_USERS WHERE username = ? AND password = ?';
$result = $db -> query($sql, array($username, $encrypted));
if ($result -> numRows() < 1) {
$arr = array('same' => true);
} else {
$arr = array('same' => false);
}
print(json_encode($arr));
mysql_close();
有什么建议吗?
//安德烈
最佳答案
参数向后
$encrypted = hash_password($username, $password);
应该是
$encrypted = hash_password($password, $username);
关于php - 可以从 mysql 数据库获取用户名和密码匹配,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7554097/