java - 无法使用散列密码登录 Android 应用程序

我一直在遵循教程，以便为基于 Android 的应用程序创建登录信息，但是在加密密码后，我无法对用户进行身份验证。我几天来一直在寻找问题的解决方案，但仍然没有成功。我希望这是我错过的一些简单的事情。

评论中也有很多人在视频 6(播放列表中的最后一个视频)上遇到了与我相同的问题。

任何支持将不胜感激，并提前感谢您!

<?php
require("password.php");
$connect = mysqli_connect("localhost", "", "", "");

$name = $_POST["name"];
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];

function registerUser() {
    global $connect, $name, $username, $email, $password;
    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
    $statement = mysqli_prepare($connect, "INSERT INTO user (name, username, email, password) VALUES (?, ?, ?, ?)");
    mysqli_stmt_bind_param($statement, "ssss", $name, $username, $email, $passwordHash);
    mysqli_stmt_execute($statement);
    mysqli_stmt_close($statement);     
}
function usernameAvailable() {
    global $connect, $username;
    $statement = mysqli_prepare($connect, "SELECT * FROM user WHERE username = ?"); 
    mysqli_stmt_bind_param($statement, "s", $username);
    mysqli_stmt_execute($statement);
    mysqli_stmt_store_result($statement);
    $count = mysqli_stmt_num_rows($statement);
    mysqli_stmt_close($statement); 
    if ($count < 1){
        return true; 
    }else {
        return false; 
    }
}
$response = array();
$response["success"] = false;  
    if (usernameAvailable()){
    registerUser();
    $response["success"] = true;  
}
print_r(json_encode($response));

？>

<?php
require("password.php");
$con = mysqli_connect("localhost", "", "", "");

$username = $_POST["username"];
$password = $_POST["password"];

$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $UserID, $Name, $Username, $Email, $PasswordHash);

$response = array();
$response["success"] = false;  

 while(mysqli_stmt_fetch($statement)){
    $response["success"] = true;  
    $response["name"] = $name;
    $response["email"] = $email;
    $response["username"] = $username;
    $response["password"] = $password;
}
echo json_encode($response);

？>

LoginRequest.java

package com.###########;

import com.android.volley.Response;
import com.android.volley.toolbox.StringRequest;
import java.util.HashMap;
import java.util.Map;

public class LoginRequest extends StringRequest {
private static final String LOGIN_REQUEST_URL = "http://....................../login.php";
private Map < String, String > params;

public LoginRequest(String username, String password, Response.Listener < String > listener) {
super(Method.POST, LOGIN_REQUEST_URL, listener, null);
params = new HashMap < > ();
params.put("username", username);
params.put("password", password);
}

@Override
public Map < String, String > getParams() {
return params;
}

}

LoginActivity.java

package com.###########;

import android.content.Intent;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.toolbox.Volley;
import org.json.JSONException;
import org.json.JSONObject;

public class LoginActivity extends AppCompatActivity {

@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_login);

final EditText etUsername = (EditText) findViewById(R.id.etUsername);
final EditText etPassword = (EditText) findViewById(R.id.etPassword);
final Button bLogin = (Button) findViewById(R.id.bLogin);
final TextView registerLink = (TextView) findViewById(R.id.tvRegisterHere);

registerLink.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Intent registerIntent = new Intent(LoginActivity.this, RegisterActivity.class);
LoginActivity.this.startActivity(registerIntent);
}
});

bLogin.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
final String username = etUsername.getText().toString();
final String password = etPassword.getText().toString();

Response.Listener<String> responseListener = new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");

if (success){
String name = jsonResponse.getString("name");
String email = jsonResponse.getString("email");

Intent intent = new Intent(LoginActivity.this, UserAreaActivity.class);
intent.putExtra("name", name);
intent.putExtra("username", username);
intent.putExtra("email", email);

LoginActivity.this.startActivity(intent);
}
else {
AlertDialog.Builder builder = new AlertDialog.Builder(LoginActivity.this);
builder.setMessage("Login Failed")
.setNegativeButton("Retry", null)
.create()
.show();
}
} catch (JSONException e) {
e.printStackTrace();
}
}
};

LoginRequest loginRequest = new LoginRequest(username, password, responseListener);
loginRequest.setShouldCache(false); // Disables Caching for Volley so that multiple login requests can be submitted.
RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
queue.add(loginRequest);
}
});

}
}

最佳答案

在login.php中你应该改变这个:

//$passwordHash = password_hash($password, PASSWORD_DEFAULT); remove
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);

每次对密码进行哈希处理时，它都会创建一个唯一的哈希值(由于每次运行该函数时都会随机生成盐)，因此当您登录并进行哈希处理时，您将永远不会获得匹配项。您应该使用 password_verify()

从查询中检索到密码后，您可以验证:

password_verify($password, $response['password']);

关于java - 无法使用散列密码登录 Android 应用程序，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/54081988/

java - 无法使用散列密码登录 Android 应用程序

上一篇：java - 如何从返回集合的方法返回错误消息

下一篇：java - 主 shell 打开后立即打开另一个 SWT Shell