stackoom
  简体   繁体   中英

How to check a hashed password against database

 原文  2017-09-30 18:39:44       php/ mysql/ sql/ password-hash/ php-password-hash

Question

I am looking to check the username and password that are entered are equal to the username and password stored in mysql database.

I have used password_hash() to hash the password and stored them into table. But I don't know, how to check if they are the same or not.

HTML 

<!DOCTYPE HTML>  
<html>
<head>
<style>
    .error {color: #FF0000;}
</style>
</head>
<body>

<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  
Username: <input type="text" name="username">
<span class="error">* <?php echo $usernameErr;?></span>
<br><br>
Password: <input type="password" name="password">
<span class="error">* <?php echo $passwordErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>

PHP 

<?php
error_reporting(E_ALL | E_STRICT);

$servername = "localhost";
$serverUsername = "root";
$serverPassword = "";

// Create connection
$conn = mysqli_connect($servername, $serverUsername, $serverPassword);
mysqli_select_db($conn, 'users');

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";

if (isset($_POST["submit"])) {
    $query = mysqli_prepare($conn, "SELECT * FROM user_logons WHERE Username = ? AND Password = ?");
    mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
    mysqli_stmt_execute($query);
    $username = mysqli_real_escape_string($conn, $_POST["username"]);
    $password = password_hash($_POST["password"], PASSWORD_BCRYPT);
    mysqli_stmt_close($query);

}

$usernameErr = $passwordErr = "";

mysqli_close($conn);
?>

Also, do I have to escape the password input if it is hashed?

1 answers

solution1
 3 ACCPTED  2017-09-30 18:43:45

You need to get the input password hashed again and before binding it with your prepare statement. You need to make sure, you are using same encryption method, which was used for storing. 

$username = mysqli_real_escape_string($conn, $_POST["username"]);
$password = password_hash($_POST["password"], PASSWORD_BCRYPT); 

mysqli_stmt_bind_param ($query , 'ss' , $username , $password);
mysqli_stmt_execute($query);

Edited:

As suggested by @Devon in comment, you could also use password_verify

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to check a login password against a hashed password in PHP In PHP how to check if hashed password match database password Retrieve hashed PHP password from database and check against a submitted password in Javascript I need to check if the password is correct but it is hashed in the database How to verify a password against MediaWiki user table hashed password? comparing confirmation password against a hashed password | Laravel 4 How to match a inputted password to hashed password from database? How to verify password against database? Phpass - how to check login username and password against username and password hash in database check hashed password and change it in php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM