堆栈内存溢出
  简体   繁体   English

无法使用散列密码登录 - Mysqli PHP

[英]Can't login with hashed password - Mysqli PHP

 原文  2020-04-22 13:40:54       php

问题描述

I have hashed my password on the registration page with next code:我在注册页面上用下一个代码对我的密码进行了哈希处理:

$c_pass = $_POST['c_pass'];
$storePassword = password_hash($c_pass, PASSWORD_BCRYPT, array('cost' => 10));

And on login page I have this code:在登录页面上我有这个代码:

$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];
$select_customer = "select * from customers where customer_email='$customer_email' AND customer_pass='$customer_pass'";

When trying to log in, they pop-up me an error screen that my credentials not valid.尝试登录时,他们会弹出一个错误屏幕,提示我的凭据无效。 I try to use我尝试使用

if(password_verify($customer_password,$row['c_pass'])){ if(password_verify($customer_password,$row['c_pass'])){

But noting help me, can someone write me solution for this because i can't find the solution.但是请注意帮助我,有人可以为此写我的解决方案,因为我找不到解决方案。

1 个解决方案

解决方案1
 1  2020-04-22 14:06:17

You should remove the AND from your WHERE clause because when user types his/her password on login form input, it will be non-hashed and therefore you will never retrieve the user by the composite condition email + password.您应该从WHERE子句中删除AND ,因为当用户在登录表单输入中键入他/她的密码时,它将是非散列的,因此您永远不会通过复合条件 email + 密码检索用户。 Instead, you should find the user by identifier (username or email), then you should compare the raw password from login form password input against the hashed from the database.相反,您应该通过标识符(用户名或电子邮件)找到用户,然后您应该将来自登录表单密码输入的原始密码与来自数据库的哈希值进行比较。 So take a look into the following:因此,请查看以下内容:

$mysqli = new mysqli('host', 'user', 'password', 'db_name');

// these are submitted input values from the login form which you handle
$email = $_POST['c_email'];
$password = $_POST['c_password'];

// build your query with prepared statements which will retrieve
// the user from the database with login form submitted email
$stmt = $mysqli->prepare('select * from customers where customer_email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();

$result = $stmt->get_result();
$customer = $result->fetch_assoc();

if (empty($customer)) { 
    // no user found by this email, so send to user response message
    // that your system cannot find any customer by provided email
    return false;
}

// here you compare the typed user login password versus the fetched user's password from the database by the provided user email
if (password_verify($password, $customer['c_pass'])) {
    // ok, so the password comparison match
} else {
    // invalid password
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Mysqli:我无法使用散列密码登录 - Mysqli: I can't login with hashed password 无法使用 sha1 散列密码登录 - Can't Login With sha1 Hashed password PHP-使用sha1哈希密码的登录功能,无法使其正常工作 - PHP - login-function using sha1 hashed password, can't get it to work 有没有办法为php mysqli登录存储哈希密码? - Is there a way to store hashed passwords for php mysqli login? 无法在MySQL中获取登录表单的哈希密码 - Can't fetch hashed password for login form in MySQL MySqli登录系统 - 在验证哈希密码时遇到麻烦 - MySqli Login System - Having Troubles With Verifying Hashed Password PHP无法在PDO查询中使用哈希密码 - PHP Can't use a hashed password in a PDO query 使用MySQL数据和哈希密码登录PHP - PHP login using MySQL data and hashed password 登录不适用于未散列的密码,只有散列的密码 - Login doesn't work with not hashed password only hashed ones 将数据库中的哈希密码与PHP MYSQLI中的用户输入进行比较 - Comparing Hashed Password in the database to user Input in PHP MYSQLI
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM