[英]verify a login with android when password is crypted BCRYPT
so i had my table user (with crypted password) and am using it fine with symfony 所以我有我的表用户(密码已加密),并在symfony中很好地使用了它
security.yml security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
and trying to connect my android application in the some DB, but it's not possible cause the password are crypted, i even tryed to add new Libary under php/lib/password.php to use "password_hash($password, PASSWORD_DEFAULT)" 并尝试在某些数据库中连接我的android应用程序,但不可能导致密码被加密,我什至试图在php / lib / password.php下添加新的库,以使用“ password_hash($ password,PASSWORD_DEFAULT)”
i hope find a solution together guys, i am really upset about that. 我希望大家一起找到解决方案,对此我真的很沮丧。
this is my "login.php" under htdocs to connect my android app to the DB 这是我在htdocs下将我的android应用连接到数据库的“ login.php”
<?php
define('HOST','localhost');
define('USER','root');
define('PASS','');
define('DB','swib');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = password_hash($password, PASSWORD_DEFAULT);
$sql = "select * from swib_user where username='$username' and password='$password2'";
$res = mysqli_query($con,$sql);
$check = mysqli_fetch_array($res);
if (isset($check)) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);
?>
ps: that's work's fine with another DB (i mean with normal password, not crypted) ps:使用另一个数据库就可以了(我的意思是使用普通密码,未加密)
<?php
// if this is under web folder
// adjust it according where this script is located
require_once '../vendor/autoload.php';
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
$encoder = new BCryptPasswordEncoder(16); // initialize with some int between 4 and 31
define('HOST', 'localhost');
define('USER', 'root');
define('PASS', '');
define('DB', 'database');
$con = mysqli_connect(HOST,USER,PASS,DB);
$username = mysqli_real_escape_string($con, $_POST['username']); // don't forget about security
$password = $_POST['password'];
$sql = "select password, salt from swib_user where username='$username'"; // if you do not have salt in your table, remove it from select and leave only password
$res = mysqli_query($con, $sql);
$check = mysqli_fetch_array($res);
// if you do not have salt in your table, you should use returning value of $user->getSalt() method for this user. or null if you don't use salt
if (isset($check) && $encoder->isPasswordValid($check['password'], $password, $check['salt'])) {
echo 'success';
} else {
echo 'failure';
}
mysqli_close($con);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.