我的 Codeigniter(3.0 版)登录模块中有这个方法。它工作正常,但这安全吗?是否有更好的解决方案来使用 PHP password_verify 检查登录名和密码?(PHP 5.6,MySQL 5.0)。
$user = $this->input->post('username');
$password = $this->input->post('password');
$myquery = $this->db->query("SELECT * FROM users WHERE user = '$user'");
$row = $myquery->row();
if (isset($row))
{
//Using hashed password - PASSWORD_BCRYPT method - from database
$hash = $row->password;
if (password_verify($password, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
} else{
echo 'Wrong user!';
}