stackoom
  简体   繁体   中英

how to use hash sha256 password for pdo Login php

 原文  2016-10-05 13:28:23       php/ mysql/ pdo/ hash/ login

Question

my register using hash 'sha256' password for database, i dont know the function that using for login with hash password.. i tried it but not fix or i need to use hash password for it ::

session_start();

try{
 $bdd = new PDO('mysql:host=localhost; dbname=senio743_payless','senio743_peter', 'P@ssw0rd123');
}
catch (Exception $e) {
 die ('Error: '.$e->getMessage ()); 
}

$data = array ();

if (isset($_POST['submit'])) {
  if (isset($_POST['con_id'])) {
    $conId= htmlspecialchars($_POST['con_id']);
  }

  if (isset($_POST['con_password'])) {
    $pass= htmlspecialchars($_POST['con_password']);
  }

  if ($conId==''||$pass=='') {
    $message="Fill in all the enteries";
    echo "<script>alert('".$message."');</script>";
    exit();
  }

  $query=  "SELECT * FROM `consumer` WHERE `con_id`='".$conId."' AND `con_password`= '".$pass."'";

  $prepare = $bdd->prepare($query);
  $exist = $prepare->execute();

  if ($exist) {
    if ($prepare->rowCount()>0) {
        $data[]=$prepare->fetch();
        foreach ($data as $datas) {
          $con_name=$datas['con_name'];
          $con_amount=$datas['con_amount'];
          //echo $mer_name;
        }
        $_SESSION['ID']= $conId;
        $_SESSION['name']= $con_name;
        $_SESSION['balance']= $con_amount;
       // $message="LOGIN Succesful";
        header("location:../consumer/summary.php");
        exit();
    }
    else {
        $_SESSION['ID']= "";
        $_SESSION['name']= '';
        $_SESSION['balance']= 'Login Please';
        $message="Login not succesful";
        echo "<script>alert('".$message."');</script>";
        header("location:../login.php");
        exit();
    }
 }

please need help, thank you..

2 answers

solution1
 1 ACCPTED  2016-10-05 13:55:18

Do not use md5().

PHP has a password hashing function. 

$options = [ 'cost' => 15 ];
$hashed_password = password_hash('password', PASSWORD_BCRYPT, $options);

if(password_verify($_POST['password'], $hashed_password))
{
    // Password the same
}
else
{
    // Password failed
}

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Using your script something along these lines may work as well

if (isset($_POST['submit'])) {

 if ($conId==''||$pass=='') {
   $message="Fill in all the enteries";
    echo "<script>alert('".$message."');</script>";
    exit();
  }
  $query = "SELECT * FROM `consumer` WHERE `con_id`= :con_id";
  $prepare = $bdd->prepare($query);
  $prepare->bindParam(':con_id', $con_id);
  $prepare->execute();
  $exists = $prepare->fetch();

  $pass = hash('sha256', $_POST['pass']);
  if($pass == $exists['pass'])
  {
      // Passwords Match
  }
  else
  {
      // They Don't
  }
}

solution2
 -1  2016-10-05 13:44:24

The hash function is just hash('sha256', $pass);

http://php.net/manual/en/function.hash.php

Also, when logging someone in, I've always looked up the user my their username and then compared the passwords in PHP. It should be faster because the query doesn't have compare a 200 character string to thousands of other strings.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP salt and hash SHA256 for login password PHP hash SHA256 login password (different from normal) How to compare user input with db password when using PHP's sha256 hash method? How to check if string is a valid sha256 hash in PHP? SHA256 is not generating right hash in php sha256 hash PHP and store on MySQL How to use PHP crypt() function with a SHA256 salt string to generate the same hash it would generate if SHA256 wasn't supported on the server? PHP Password output on SHA256 Swift SHA256 hash doedn't match PHP SHA256 hash How to use sha256 in php5.3.0
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM