我的 SQL 表:
|-ID-|-Username-|-EmailAddress-|-ePassword-|-Permissions-|
----------------------------------------------------------
| 1 | Admin | | | |
| 2 | Foo|<emailaddress>|<cpassword>| <default 1>|
| | | | | |
| | | | | |
下面的代码从表单中获取_POST数据,然后引用数据库来检查用户名是否正确,一旦用户名正确,我希望能够比较$password 和来 self 的数据库的 ePassword,
ePassword 使用 crypt 进行加密。来自 php.net 的示例关于 crypt 说我必须这样做:
if (hash_equals($hashed_password, crypt($user_input, $hashed_password)) {
echo "Password verified!";
}
比较密码,所以我的密码是:
if (hash_equals($hashed_password, crypt($password, $hashed_password)) { //changed $user_input to password
echo "Password verified!";
}
但是我该如何从数据库中获取ePassword并进行比较呢?
//User data
$username = strtolower($_POST['username']);
$password = $_POST['password'];
//login check
if($_SESSION['loggedIn'] != "") {
echo 'You already are using an Account!';
} else if($_SESSION['loggedIn'] == "") {
//connect to database
$con = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
//check for connection errors
if (!$con) {
die('Could not connect: ' . mysql_error());
};
//checks for username
$stmt = $con->prepare("SELECT * FROM Users WHERE Username=?");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$userCheck = $stmt->num_rows;
if($userCheck > 0) {
//Password check goes here
} else {
};
$con->close();
};
TL;DR:我想将我的数据库中的 $password 与 ePassword 与 crypt 进行比较,我该怎么做?
最佳答案
// username and password sent from Form
$username=$_POST['username'];
$password=$_POST['password'];
$password=crypt($password,saltUsedWhileRegisteringUser); // Encrypted Password
//Assuming ePassword is the crypted password inserted into DB while User Registeration
$sql="SELECT id FROM admin WHERE username='$username' and ePassword ='$password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);//If count > 1 then valid user else not a valid one.
关于php - 将发布的密码与 MySQL 存储的加密密码进行比较,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27145512/