堆栈内存溢出
  简体   繁体   English

密码已加密BCRYPT时,使用android验证登录名

[英]verify a login with android when password is crypted BCRYPT

 原文  2016-05-30 12:33:02       php/ android/ web-services/ symfony/ bcrypt

问题描述

so i had my table user (with crypted password) and am using it fine with symfony 所以我有我的表用户(密码已加密),并在symfony中很好地使用了它

security.yml security.yml 

security:
encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

and trying to connect my android application in the some DB, but it's not possible cause the password are crypted, i even tryed to add new Libary under php/lib/password.php to use "password_hash($password, PASSWORD_DEFAULT)" 并尝试在某些数据库中连接我的android应用程序,但不可能导致密码被加密,我什至试图在php / lib / password.php下添加新的库,以使用“ password_hash($ password,PASSWORD_DEFAULT)”

i hope find a solution together guys, i am really upset about that. 我希望大家一起找到解决方案,对此我真的很沮丧。

this is my "login.php" under htdocs to connect my android app to the DB 这是我在htdocs下将我的android应用连接到数据库的“ login.php” 

<?php

    define('HOST','localhost');
    define('USER','root');
    define('PASS','');
    define('DB','swib');

    $con = mysqli_connect(HOST,USER,PASS,DB);

    $username = $_POST['username'];
    $password = $_POST['password'];

    $password2 = password_hash($password, PASSWORD_DEFAULT);

    $sql = "select * from swib_user where username='$username' and password='$password2'";

    $res = mysqli_query($con,$sql);



    $check = mysqli_fetch_array($res);

    if (isset($check)) {
      echo 'success';
    } else {
      echo 'failure';
    }

    mysqli_close($con);

?>

ps: that's work's fine with another DB (i mean with normal password, not crypted) ps:使用另一个数据库就可以了(我的意思是使用普通密码,未加密)

1 个解决方案

解决方案1
 0  2016-05-30 20:34:35

<?php

// if this is under web folder
// adjust it according where this script is located
require_once '../vendor/autoload.php';

use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;

$encoder = new BCryptPasswordEncoder(16); // initialize with some int between 4 and 31

define('HOST', 'localhost');
define('USER', 'root');
define('PASS', '');
define('DB', 'database');

$con = mysqli_connect(HOST,USER,PASS,DB);

$username = mysqli_real_escape_string($con, $_POST['username']); // don't forget about security
$password = $_POST['password'];

$sql = "select password, salt from swib_user where username='$username'"; // if you do not have salt in your table, remove it from select and leave only password

$res = mysqli_query($con, $sql);
$check = mysqli_fetch_array($res);

// if you do not have salt in your table, you should use returning value of $user->getSalt() method for this user. or null if you don't use salt
if (isset($check) && $encoder->isPasswordValid($check['password'], $password, $check['salt'])) {
    echo 'success';
} else {
    echo 'failure';
}

mysqli_close($con);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Bcrypt密码验证登录 - Verify Login with Bcrypt Password 筛子-使用加密密码登录 - Sieve - Login with crypted password 使用Java和PHP进行BCrypt,发送加密密码并对其进行解码 - BCrypt with Java and PHP, send crypted password and decode them Password_verify bcrypt无法正常工作 - Password_verify bcrypt not working Symfony 3 bcrypt密码无法验证 - Symfony 3 bcrypt password does not verify PHP的BCrypt无法验证密码 - BCrypt of PHP cannot verify the password 密码验证不适用于密码哈希 BCRYPT - Password verify not working with password hash BCRYPT 如何在登录页面中检查密码? - how can i check crypted password in login page? password_verify无法使用Bcrypt验证password_hash - password_verify can't verify password_hash with Bcrypt Zend\\Crypt\\Password\\BCrypt 验证方法 - Zend\Crypt\Password\BCrypt verify method
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM