stackoom
  简体   繁体   中英

Hashing and password_verify

 原文  2015-05-26 16:23:33       php/ hash/ login/ passwords/ verification

Question

I'm working with my little PHP project and I'm trying to implement hashing on registration and I need to verify my hashed password when user want to log in. I tried a lot but I don't really get how I could use password_verify function in my code.

In my registration.php I have a code:

$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = $_POST['email'];

My login.php file looks like this:

$username = $_POST['username'];
        $password = $_POST['password'];

        $username = htmlentities($username, ENT_QUOTES, "utf-8");
        $password = htmlentities($password, ENT_QUOTES, "utf-8");

            if ($result = @$connect_db->query(sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
                mysqli_real_escape_string($connect_db, $username),
                mysqli_real_escape_string($connect_db, $password)))
            ) {
                $amount = $result->num_rows;
                if ($amount > 0) {
                    $_SESSION['logged_in'] = true;

                    $row = $result->fetch_assoc();
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['enter code hereemail'] = $row['email'];
                    $_SESSION['admin'] = $row['admin'];

                    unset($_SESSION['error']);
                    $result->free_result();
                    header('Location: dictionary.php');
                } else {
                    $_SESSION['error'] = '<p class="error_m">Invalid username or password!</p>';
                    header('Location: index.php');
                }
            }

My question is about how to use password_verify function in my login.php file?

2 answers

solution1
 1  2015-05-26 16:57:43

I'm working with my little PHP project and I'm trying to implement hashing on registration and I need to verify my hashed password when user want to log in. I tried a lot but I don't really get how I could use password_verify function in my code.

In my registration.php I have a code:

$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = $_POST['email'];

My login.php file looks like this:

$username = $_POST['username'];
        $password = $_POST['password'];

        $username = htmlentities($username, ENT_QUOTES, "utf-8");
        $password = htmlentities($password, ENT_QUOTES, "utf-8");

            if ($result = @$connect_db->query(sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
                mysqli_real_escape_string($connect_db, $username),
                mysqli_real_escape_string($connect_db, $password)))
            ) {
                $amount = $result->num_rows;
                if ($amount > 0) {
                    $_SESSION['logged_in'] = true;

                    $row = $result->fetch_assoc();
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['enter code hereemail'] = $row['email'];
                    $_SESSION['admin'] = $row['admin'];

                    unset($_SESSION['error']);
                    $result->free_result();
                    header('Location: dictionary.php');
                } else {
                    $_SESSION['error'] = '<p class="error_m">Invalid username or password!</p>';
                    header('Location: index.php');
                }
            }

My question is about how to use password_verify function in my login.php file?

solution2
 0 ACCPTED  2015-05-26 17:00:57

I'm working with my little PHP project and I'm trying to implement hashing on registration and I need to verify my hashed password when user want to log in. I tried a lot but I don't really get how I could use password_verify function in my code.

In my registration.php I have a code:

$username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$email = $_POST['email'];

My login.php file looks like this:

$username = $_POST['username'];
        $password = $_POST['password'];

        $username = htmlentities($username, ENT_QUOTES, "utf-8");
        $password = htmlentities($password, ENT_QUOTES, "utf-8");

            if ($result = @$connect_db->query(sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'",
                mysqli_real_escape_string($connect_db, $username),
                mysqli_real_escape_string($connect_db, $password)))
            ) {
                $amount = $result->num_rows;
                if ($amount > 0) {
                    $_SESSION['logged_in'] = true;

                    $row = $result->fetch_assoc();
                    $_SESSION['user_id'] = $row['user_id'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['enter code hereemail'] = $row['email'];
                    $_SESSION['admin'] = $row['admin'];

                    unset($_SESSION['error']);
                    $result->free_result();
                    header('Location: dictionary.php');
                } else {
                    $_SESSION['error'] = '<p class="error_m">Invalid username or password!</p>';
                    header('Location: index.php');
                }
            }

My question is about how to use password_verify function in my login.php file?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question password_verify - password hashing Password Hashing issue with password_hash & password_verify password_verify() not verifying Password_verify CodeIgniter PHP password_verify PHP password_verify() Password_verify in PHP Password_verify, PDO issue with password_verify() password_verify for hashed password
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM