[英]php login to mysql encrypted password
我正在嘗試將php登錄表單設置到我不想修改的現有數據庫中,似乎我已經與數據庫和正確的表建立了所有正確的連接,但是密碼已加密,當我嘗試登錄時顯示“密碼錯誤。請重試
這是我的代碼
/**
* log in with post data
*/
private function dologinWithPostData()
{
// check login form contents
if (empty($_POST['user_name'])) {
$this->errors[] = "Username field was empty.";
} elseif (empty($_POST['user_password'])) {
$this->errors[] = "Password field was empty.";
} elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
// create a database connection, using the constants from config/db.php (which we loaded in index.php)
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// change character set to utf8 and check it
if (!$this->db_connection->set_charset("utf8")) {
$this->errors[] = $this->db_connection->error;
}
// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// escape the POST stuff
$user_name = $this->db_connection->real_escape_string($_POST['user_name']);
// database query, getting all the info of the selected user (allows login via email address in the
// username field)
$sql = "SELECT nickname, user_email, user_password
FROM tbl_users
WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "';";
$result_of_login_check = $this->db_connection->query($sql);
// if this user exists
if ($result_of_login_check->num_rows == 1) {
// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();
// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
// write user data into PHP SESSION (a file on your server)
$_SESSION['nickname'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_login_status'] = 1;
} else {
$this->errors[] = "Wrong password. Try again.";
}
} else {
$this->errors[] = "This user does not exist.";
}
} else {
$this->errors[] = "Database connection problem.";
}
}
}
由於數據庫中存儲的密碼已加密,我如何登錄數據庫?
密碼可能首先被散列,您必須確定在數據庫中存儲密碼時使用的散列函數 。 然后,您可以像下面那樣進行操作,我假設使用廣泛使用但可利用的md5對密碼進行哈希處理,但是如果密碼也添加了鹽,恐怕您也必須學習鹽單詞,否則基於使用的哈希算法幾乎是不可能的。 同樣,使用這種方式訪問數據庫確實很容易受到攻擊,我真的建議您研究PDO 。
$sql = "SELECT nickname, user_email, user_password
FROM tbl_users
WHERE nickname = '" . $user_name . "' OR user_email = '" . $user_name . "'AND user_password = ''" . md5($user_password)."'";
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.