PHP salt and SHA-256 hash for a login password

Sim*_*ays 22 php mysql hash salt sha256

I have already encrypted the passwords in my registration script; they are stored in the database and I have to use them to log in, so I want to use the unencrypted login. I have read some posts here but nothing helped me. How do I add this to login.php? The salt is also stored in the database.

This is my encryption script from register.php:

// register.php as posted: $password1 is the plaintext from the registration form
$hash = hash('sha256', $password1);            // unsalted SHA-256 of the plaintext

function createSalt()
{
    // md5(uniqid(rand(), TRUE)) is not a cryptographic random source, and only
    // the first 3 hex characters (12 bits) of it are kept as the salt
    $text = md5(uniqid(rand(), TRUE));
    return substr($text, 0, 3);
}

$salt = createSalt();
$password = hash('sha256', $salt . $hash);     // stored value: sha256(salt . sha256(plaintext))

This is my login.php with the session:

// login.php as posted: $username and $password come straight from the login form.
// Note: the request values are interpolated into the SQL string (SQL-injectable),
// $password is compared as submitted rather than recomputed as
// sha256($salt . sha256($password)), and the mysql_* extension is deprecated.
//Create query
$qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) > 0) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['username'];
        $_SESSION['SESS_LAST_NAME'] = $member['password'];   // stores the password hash in the session
        session_write_close();
        header("location: profile.php");
        exit();
    }
    else {
        //Login failed
        //error message
    }
}
else {
    die("Query failed");
}

and*_*eas 42

These examples come from php.net. Thanks to you, I have also just learned about the new PHP hashing functions.

Read the PHP documentation for the possibilities and best practices: http://www.php.net/manual/en/function.password-hash.php

Saving the password hash:

$options = [
    'cost' => 11,   // bcrypt work factor; raise it as hardware gets faster
];
// Get the password from post
$passwordFromPost = $_POST['password'];

// password_hash() generates a random salt itself and embeds it, with the
// algorithm and cost, in the returned string
$hash = password_hash($passwordFromPost, PASSWORD_BCRYPT, $options);

// Now insert it (with login or whatever) into your database, use mysqli or pdo!

Retrieving and checking the password hash:

// Get the password from the database and compare it to a variable (for example post)
$passwordFromPost = $_POST['password'];
$hashedPasswordFromDB = ...;   // the password_hash() string stored for this user

// password_verify() reads the salt and cost out of the stored string, so
// nothing else needs to be loaded from the database
if (password_verify($passwordFromPost, $hashedPasswordFromDB)) {
    echo 'Password is valid!';
} else {
    echo 'Invalid password.';
}

  • Wow. No @DigitalChris, you don't. From the PHP reference: "Note that password_hash() returns the algorithm, cost and salt as part of the returned hash. Therefore, all information that's needed to verify the hash is included in it. This allows the verify function to verify the hash without needing separate storage for the salt or algorithm information." Very cool. (9 upvotes)
  • What is this SORCERY? Do you need to apply the salt to the returned user password before comparing? (4 upvotes)
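As an added example (not code from the question or the answer above), the following puts the two halves together: registration and login on password_hash()/password_verify() with PDO prepared statements instead of interpolated mysql_query() strings, plus a login-time migration for rows that were written with the asker's sha256(salt . sha256(password)) scheme, so an existing user table can be upgraded without a reset. The table layout, the `legacy_salt` column and the in-memory SQLite database are assumptions made so the script runs offline; replace the DSN with a MySQL connection in practice.

```php
<?php
declare(strict_types=1);

// Assumed schema for the example: `password` holds either a password_hash()
// string or, for rows not yet migrated, the old hex digest; `legacy_salt`
// holds the old 3-character salt and becomes NULL after migration.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$db->exec('CREATE TABLE member (
    id          INTEGER PRIMARY KEY,
    username    TEXT UNIQUE NOT NULL,
    password    TEXT NOT NULL,
    legacy_salt TEXT
)');

const BCRYPT_OPTIONS = ['cost' => 11];

// The asker's register.php scheme, reproduced only to check rows created by it.
function legacyHash(string $password, string $salt): string
{
    return hash('sha256', $salt . hash('sha256', $password));
}

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() draws its own random salt and embeds it, with the
    // algorithm and cost, in the returned string; nothing else is stored.
    $hash = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    $db->prepare('INSERT INTO member (username, password, legacy_salt) VALUES (?, ?, NULL)')
       ->execute([$username, $hash]);
}

// Returns the member id on success, null on failure. The username is bound as
// a parameter and the password never reaches the database: it is compared in PHP.
function loginUser(PDO $db, string $username, string $password): ?int
{
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_BCRYPT, BCRYPT_OPTIONS);

    $stmt = $db->prepare('SELECT id, password, legacy_salt FROM member WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();
    if ($row === false) {
        // Spend a real bcrypt verification so an unknown username takes as
        // long as a wrong password and cannot be enumerated by timing.
        password_verify($password, $dummy);
        return null;
    }

    if ($row['legacy_salt'] !== null) {
        // Old row: recompute the old digest and compare in constant time.
        if (!hash_equals($row['password'], legacyHash($password, $row['legacy_salt']))) {
            return null;
        }
        // The plaintext is known to be correct, so upgrade the row to bcrypt now.
        $new = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        $db->prepare('UPDATE member SET password = ?, legacy_salt = NULL WHERE id = ?')
           ->execute([$new, $row['id']]);
        return (int) $row['id'];
    }

    if (!password_verify($password, $row['password'])) {
        return null;
    }
    // When the cost in BCRYPT_OPTIONS is raised later, rehash transparently.
    if (password_needs_rehash($row['password'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $new = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        $db->prepare('UPDATE member SET password = ? WHERE id = ?')->execute([$new, $row['id']]);
    }
    return (int) $row['id'];
}

// Demo with constructed data.
registerUser($db, 'alice', 'correct horse battery staple');

// A row as the old register.php would have written it (3-hex-character salt).
$db->prepare('INSERT INTO member (username, password, legacy_salt) VALUES (?, ?, ?)')
   ->execute(['bob', legacyHash('hunter2', 'a1f'), 'a1f']);

var_dump(loginUser($db, 'alice', 'correct horse battery staple'));   // bcrypt row, correct password
var_dump(loginUser($db, 'alice', 'wrong password'));                 // bcrypt row, wrong password
var_dump(loginUser($db, 'bob', 'hunter2'));                          // legacy row, migrated on success
var_dump($db->query("SELECT legacy_salt FROM member WHERE username = 'bob'")->fetchColumn());
var_dump(loginUser($db, "' OR '1'='1", 'anything'));                 // bound parameter, no injection
```

The migration branch is the only place the old sha256 scheme is computed, and it is entered only while `legacy_salt` is non-NULL; once every user has logged in once the branch is dead and the column can be dropped. hash_equals() is used for the legacy comparison because `==` on hex strings leaks timing and, in PHP, can even treat some hex digests as equal numbers.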