[英]How to compare input password to database hash password?
I want to write an if that will log in to the admin panel if the user name and password in the data base are equal.如果数据库中的用户名和密码相同,我想写一个 if 将登录到管理面板。 NOW,现在,
'SqlCommand cmd = new SqlCommand("Select * from tbl_Log where @P1=userName and @P2=password", conn);
this is my query to get data cmd.Parameters.AddWithValue("@P1", txtUsername.Text);
这是我获取数据的查询cmd.Parameters.AddWithValue("@P1", txtUsername.Text);
cmd.Parameters.AddWithValue("@P2", hash.hashPassword(txtPassword.Text));
I want to write if(txtUsername.Text == "@P1" && hash.hashPassword(txtPassword.Text) == "@P2" )
and if work go to admin panel this is possible but I don't know what am I writing instead "@P2"
in the if statement?我想写if(txtUsername.Text == "@P1" && hash.hashPassword(txtPassword.Text) == "@P2" )
如果工作 go 到管理面板这是可能的,但我不知道我是什么在 if 语句中改写"@P2"
? do you have any idea?你有什么主意吗?
database stored hash manuelly数据库存储 hash 手动
private void Login_btn_Click(object sender, EventArgs e)
{
conn.Open();
SqlCommand cmd = new SqlCommand(@"Select * from tbl_Log where @P1=userName and @P2=password", conn);
string tmpPass = txtPassword.Text;
string salt = BCrypt.Net.BCrypt.GenerateSalt(12);
string hashPwd = BCrypt.Net.BCrypt.HashPassword(tmpPass, salt);
cmd.Parameters.AddWithValue("@P1", txtUsername.Text);
cmd.Parameters.AddWithValue("@P2", hashPwd);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
string tempUsername = dr["userName"].ToString().Trim();
string tempPassword = dr["password"].ToString().Trim();
if (txtUsername.Text == tempUsername && hashPass == tempPassword)
{
loginSuccesfull_Admin lS_Admin = new loginSuccesfull_Admin();
lS_Admin.Show();
this.Hide();
dr.Close();
conn.Close();
}
else
{
MessageBox.Show("You entered wrong username or password!");
}
}
else
{
conn.Close();
}
}
where am ı doing wrong?我在哪里做错了? could you explain and make a example for me thanks for your help!你能为我解释一下并举个例子吗谢谢你的帮助!
Hashes are salted, which means that identical input creates unique output.哈希是加盐的,这意味着相同的输入会创建唯一的 output。 This is a feature to add more security to storing user sensitive data and the main reason on why hashes are so safe.这是一项为存储用户敏感数据增加更多安全性的功能,也是哈希如此安全的主要原因。 Therefore (unlike with encrypted passwords) it makes them one-way only and you can not compare two different hashes simply because they had the same original input.因此(与加密密码不同)它仅使它们成为单向的,并且您不能仅仅因为它们具有相同的原始输入而比较两个不同的哈希值。 What you must do instead is compare the value to the stored hash for validity.您必须做的是将值与存储的 hash 进行比较以确认有效性。 With BCrypt you can do this in the following way:使用 BCrypt,您可以通过以下方式执行此操作:
var isValid = BCrypt.Net.BCrypt.Verify(password, hash);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.