stackoom
  简体   繁体   中英

How to use password_hash Register And Login

 原文  2017-03-05 19:37:56       php/ password-hash

Question

I'm trying to figure out how to use password_hash on register and login systems.

Currently I'm using password_hash like this to register my users. 

$pass = $_POST['Pass']; 
$hashed_password = password_hash($pass, PASSWORD_DEFAULT); 

$stmt = $conn->prepare("INSERT INTO `usuario`(`Nick`, `Nombre_u`, `Apellidos`, `e-mail`, `Password`, `Domicilio`, `Colonia`, `Codigo_Postal`, `Cuidad`, `Estado`, `Telefono`) VALUES (?, ?, ?, ?, ?, ? , ?, ?, ?, ?, ?)"); 
$stmt->bind_param( "sssssssisss", $nick, $nombre, $apellidos, $mail, $hashed_password, $domicilio, $colonia, $cp, $cuidad, $estado,  $telefono); 
$stmt->execute(); 
header("Location: ../Registrado.php?Done=Welcome");

And I'm loging my users this way. 

$usuario = $_POST["Nick"];
$contra = $_POST["Pass"]; 
$hashed_password = password_hash($contra, PASSWORD_DEFAULT);  
$stmt = $conn->prepare("SELECT Nick, Password FROM usuario WHERE Nick = ? AND Password= ?");
$stmt->bind_param( "ss", $usuario, $hashed_password); 
$stmt->execute();
$stmt->store_result(); 
$stmt->bind_result($a, $b); 
if($stmt->fetch() == 0){ 
    header("Location: ../Entrar.php?message=Error");
    exit();
} 
else {  
    session_start(); 
    $_SESSION['Usuario'] = $a; 
    $_SESSION['estado'] = 'Autenticado';  
    header("Location: ../../Index.php"); 
    exit();
}

The way I'm Understanding It's that my query will do something like this.

First will take my input Eg:" 123 ", then hashed_password will turn my input into Eg:" $2y$10$BvFW3ott5f7JvZ4rCa ", And my query will do his work like this. 

SELECT Nick, Password FROM usuario WHERE Nick = 'User' AND Password= '$2y$10$BvFW3ott5f7JvZ4rCa'

But I'm Still returning to my Login Form instead log in my user.

What am I doing wrong?

1 answers

solution1
 4 ACCPTED  2017-03-05 22:14:40

Ok I made this work with password_verify() 

$usuario = $_POST["Nick"];
$contra = $_POST["Pass"];   
$stmt = $conn->prepare("SELECT Nick, Password FROM usuario WHERE Nick = ?");
$stmt->bind_param( "s", $usuario); 
$stmt->execute();
$stmt->store_result(); 
$stmt->bind_result($a, $b);   

if($stmt->fetch() == 0){ 
    header("Location: ../Entrar.php?message=Error");
    exit();
}
else {  
    if(password_verify($contra, $b)) {
        session_start(); 
        $_SESSION['Usuario'] = $a; 
        $_SESSION['estado'] = 'Autenticado';  
        header("Location: ../../Index.php"); 
        exit; 
    }
    else{ 
        header("Location: ../Entrar.php?message=Error");
        exit;
    }
}

Thank you for all those comments. And yes martinstoeckli that was the answer to my question thank you

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use password_hash for CodeIgniter How to use BCRYPT with password_hash() in PHP correct use of password_hash How to use PHP's password_hash to hash and verify passwords Using password_hash() to protect password on login? compare passwords on register using password_hash() PHP Login Using password_hash How to use php's password_hash() method..? How to use crypt() and the password_hash() function together? How do I use the Argon2 algorithm with password_hash?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM