[英]how to call encrypted Password PHP to Android Mysql
my login activity cannot read encrypted Password i tried without encrypted password and it works and im not sure if the error from php or activity itself of how to decryption password 我的登录活动无法读取加密密码,而我没有加密密码就尝试了它,它可以正常工作,而且我不确定是否来自php或活动本身的错误如何解密密码
im Using PASSWORD_BCRYPT 我正在使用PASSWORD_BCRYPT
<?php
include "conn.php";
$Email = $_POST['Email'];
$Password = $_POST['Password'];
$sql_login = "SELECT * FROM users WHERE Email = :EMAIL and Password =:PASSWORD";
$stmt = $PDO->prepare($sql_login);
$stmt->bindParam(':EMAIL', $Email);
$stmt->bindParam(':PASSWORD', $Password);
$stmt->execute();
if ($stmt->rowCount() > 0) {
$returnApp = array('LOGIN' => 'SUCCESS');
echo json_encode($returnApp);
}else{
$returnApp = array( 'LOGIN' => 'FAILED');
echo json_encode($returnApp);
}
?>
To correctly use hashing of a password in PHP, use the password_hash
and password_verify
combination. 要在PHP中正确使用密码哈希,请使用password_hash
和password_verify
组合。
When a user signs up, you get his password, hash it and store it in the database: 用户注册后,您将获得其密码,对其进行哈希处理并将其存储在数据库中:
$hash = password_hash($_POST['newpassword'], PASSWORD_DEFAULT);
// store $hash in database column "password"
When this user wants to login, you check against the hash: 当该用户想要登录时,您可以检查哈希值:
// fetch hash from database, store it in $stored_hash
$logged_in = password_verify($_POST['password'], $stored_hash);
if ($logged_in === TRUE) {
echo "Welcome!";
} else {
echo "Username or password incorrect.";
}
Final notes: 最后说明:
PASSWORD_DEFAULT
and make sure your database can store the result (also in the future). 使用PASSWORD_DEFAULT
并确保您的数据库可以存储结果(将来也可以)。 Hashing algorithms happen to get cracked once in a while. 哈希算法偶尔会被破解。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.