[英]PHP: replace 'dollar' in string in MySQL
I have a serious problem, whole day I been looking for answers but I cannot find anything... 我有一个严重的问题,整天我都在寻找答案,但是我什么都找不到...
What I Am Doing: 我在做什么:
I am trying to make a user login on my site(in php). 我正在尝试使用户登录我的网站(使用php)。
The passwords and users are saved in a MySQL database on my server. 密码和用户保存在我服务器上的MySQL数据库中。
For the passwords I am using Bcrypt . 对于密码,我正在使用Bcrypt 。 The only problem is that I do not have the knowledge to change the Bcrypt code.. I got the class from a free to have site. 唯一的问题是,我不具备更改Bcrypt代码的知识。.我从一个免费的网站获得了该类。
Problem 问题
Now for the problem, when I am hashing my passwords there are three $
signs in front. 现在,对于问题,当我对密码进行哈希处理时,前面有三个$
符号。
For example: loltest
will become $2y$10$wxadWEbkn..XpJ.C1TmnaeOyneJyQbcAIJ20yBBlBoBr1XDwDkJSq
例如: loltest
将变成$2y$10$wxadWEbkn..XpJ.C1TmnaeOyneJyQbcAIJ20yBBlBoBr1XDwDkJSq
The hashed password is stored in a table in my database. 哈希密码存储在我数据库的一个表中。
Step 1 第1步
A user logs in an typs his/her password, the php code then verifies if the password matches the hashed password. 用户输入他/她的密码,然后php代码验证密码是否与哈希密码匹配。 The name of a user is $phpro_username
and the password is stored in $phpro_password
. 用户名是$phpro_username
,密码存储在$phpro_password
。
But before I call that function I am selecting the hashed password from my table like this: 但是在调用该函数之前,我要从表中选择哈希密码,如下所示:
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("SELECT phpro_password FROM phpro_users WHERE phpro_username = '$phpro_username'");
$stmt->execute();
$hash = $stmt->fetchColumn();
Step 2 第2步
I tried to use the function called password_verify
, it looks like this: 我试图使用名为password_verify
的函数,它看起来像这样:
function password_verify($password, $hash) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
return false;
}
$ret = crypt($password, $hash);
if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
return false;
}
$status = 0;
for ($i = 0; $i < strlen($ret); $i++) {
$status |= (ord($ret[$i]) ^ ord($hash[$i]));
}
return $status === 0;
}
How do I do it? 我该怎么做?
$check = password_verify($phpro_password, $hash);
If the passwords match $check
will be 1, else it will be empty. 如果密码匹配$check
将为1,否则将为空。
Normally this should be working but when I am running this code the $check
is always empty. 通常,这应该可以工作,但是当我运行此代码时, $check
始终为空。 If i try to do this without the MySQL there is no problem: 如果我尝试在没有MySQL的情况下执行此操作,则不会出现问题:
<?php
include 'password.php';
$password = "loltest";
$hash = password_hash($password, PASSWORD_BCRYPT);
$verify = password_verify("loltest", $hash);
echo $verify;
?>
If I run the code above for example, $verify
is always 1. 例如,如果我运行上述代码,则$verify
始终为1。
After some research: 经过研究:
I think the problem lies with the MySQL, because in my hash are three $
signs, if I store this in MySQL and then get it out the varibles are changed with their values, in this case nothing and the passwords do not match. 我认为问题出在MySQL上,因为在我的哈希中有三个$
符号,如果我将其存储在MySQL中然后将其取出,则变量的值会更改,在这种情况下,密码和密码都不匹配。
Is there a way to solve this? 有办法解决吗? Or is there a way to replace the $
signs in my hash? 还是有办法替换哈希中的$
符号?
Single quote strings are not processed and are taken "as-is". 单引号字符串不会被处理,而是按原样使用。 You should always use single quote strings unless you specifically need the $variable. 除非特别需要$ variable,否则应始终使用单引号字符串。
For example, 例如,
$var = "$2y$10$wxadWEbkn..XpJ.C1TmnaeOyneJyQbcAIJ20yBBlBoBr1XDwDkJSq";
should be 应该
$var = '$2y$10$wxadWEbkn..XpJ.C1TmnaeOyneJyQbcAIJ20yBBlBoBr1XDwDkJSq';
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.