sta*_*ark 1 php mysql security pdo password-hash
我的代码实际上正在工作,但它根本不安全,我不想使用MD5,因为它不是那么安全.我一直在查找密码哈希,但我不确定如何将其合并到我的代码中.
登录:
require_once __DIR__.'/config.php';
session_start();
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
$sql = "SELECT * FROM users WHERE username = :u AND password = :p";
$query = $dbh->prepare($sql); // prepare
$params = array(":u" => $_POST['username'], ":p" => $_POST['password']);
$query->execute($params); // execute
$results = $query->fetchAll(); // then fetch
//hash passwords pls
if (count($results) > 0 ){
$firstrow = $results[0];
$_SESSION['username'] = $firstrow['username'];
echo "Hello $username you have successfully logged in";
//header ("location:.php");
}
else{
echo "Login Has Failed";
return;
}
寄存器:
$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$stmt = $dbh->prepare("insert into users set username='".$username."', email='".$email."', password='".$password."' ");
$stmt->execute();
echo "<p>Thank you, you are registered</p>";
谁能告诉我如何将它融入我的代码中?
irc*_*ell 22
只需使用图书馆.认真.它们存在是有原因的.
password_hash()password-compat(上面的兼容包)不要自己动手.如果你正在创造自己的盐,那你就错了.您应该使用一个为您处理的库.
$dbh = new PDO(...);
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);
登录时:
$sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
if (password_verify($_POST['password'], $users[0]->password) {
// valid login
} else {
// invalid password
}
} else {
// invalid username
}
| 归档时间: |
|
| 查看次数: |
10885 次 |
| 最近记录: |