堆栈内存溢出
  简体   繁体   English

验证数据库中的哈希密码

[英]Verify hashed password from database

 原文  2015-09-29 10:56:23       php/ html5/ hash

问题描述

I am currently letting users sign up with a username and password and storing the password hashed in my database which is stored fine as follows: 我目前允许用户使用用户名和密码进行注册,并将散列的密码存储在我的数据库中,该数据库可以按以下方式很好地存储: 

//Signing up
<?php
    $user = $_POST['user1'];
    $pass = $_POST['pass1'];
    $pass = password_hash($pass, PASSWORD_DEFAULT);     
    mysql_query("INSERT INTO users(username, password) VALUES ('$user', '$pass')");
?>

<html>
    <body>
        <h1>Signup</h1>
        <form action="new_user.php" method="POST">
            <p>Username: </p><input type="text" placeholder="User name" name="user1"/>
            <p>Password: </p><input type="password" placeholder="Password" name="pass1"/>
            <br><br>
            <input type="submit" value="Signup!"/>
        </form>
    </body>
</html>

Using the following code to verify the hashed password against the user's password input but it doesn't work. 使用以下代码根据用户的密码输入来验证哈希密码,但是它不起作用。 Returns the message as invalid info1. 将消息作为无效的info1返回。 I tried to echo the information from $result2 and was expecting the information to be the hashed password something like '$2y$10$lRgHiIV5Qddt9'. 我试图回显$ result2中的信息,并希望该信息是哈希密码,例如“ $ 2y $ 10 $ lRgHiIV5Qddt9”。 Instead I am getting the message "Resource id #7". 相反,我收到消息“资源ID#7”。 Am I retrieving the information wrongly? 我是否错误地检索信息? Please assist. 请协助。 

//Verifying
<?php
    $myUserName = $_POST['user'];
    $myPassword = $_POST['pass'];

    //prevent SQL injections
    $myUserName = stripslashes($myUserName);
    $myPassword = stripslashes($myPassword);

    $query1 = "SELECT * FROM users WHERE username='$myUserName'";
    $result1 = mysql_query($query1);
    $count1 = mysql_num_rows($result1);

    if($count1 == 1){
        $query2 = "SELECT password FROM users WHERE username='$myUserName'";
        $result2 = mysql_query($query2);
        //echo $result2; //Testing to see if am getting the hashed password. 
        if(password_verify($myPassword, $result2 )){
            $seconds = 120 + time();
            setcookie(loggedIn, date("F js - g:i a"), $seconds);
            header("location:login_success.php");
        }
        else{
            echo "Invalid info1";
        }
    }
    else{
            echo "Invalid info2";
    }
?>

2 个解决方案

解决方案1
 3 已采纳  2015-09-29 11:01:01

In this line 在这条线 

if(password_verify($myPassword, $result2 )){

the variable $result2 is supposed to be a string, but it is a resource . 变量$result2应该是字符串,但这是resource You should extract the string inside the column password inside the first row in the resource , and use that string in the password_verify function. 您应该在resource的第一行中提取password列中的字符串,并在password_verify函数中使用该字符串。

Something like: 就像是: 

$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$hash = $row['password'];
if(password_verify($myPassword, $hash )){

解决方案2
 0  2015-09-29 11:15:28

You need to fetch value from resource 您需要从resource获取价值 

$row = mysql_fetch_array($result2, MYSQL_ASSOC);
$password = $row['password'];
if(password_verify($myPassword, $password )){

}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 尝试使用登录表单中的密码验证数据库中的哈希密码 - Trying to verify a hashed password from database with password from login form 使用数据库中的哈希密码时,password_verify不起作用 - password_verify does not work when using hashed password from database 如何验证哈希密码 - How to verify an hashed password 验证密码是否散列 - Verify a password is hashed 如何验证哈希密码? - how to verify the hashed password? PHP password_verify从数据库检索散列的PW时返回False - PHP password_verify Returning False When Retrieving Hashed PW from Database password_verify 用于哈希密码 - password_verify for hashed password PHP:从哈希密码检索并将哈希密码保存到数据库 - PHP: Retrieve from and save hashed password to database 从数据库返回哈希密码字符 - Returning hashed password characters from database 为什么哈希密码与数据库中的值不匹配? - Why is hashed password not matching from value in database?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM