|
这个题目已经在这里有了谜底:????????????>????????????How to use password_hash????????????????????????????????????7个
>????????????How do you use bcrypt for hashing passwords in PHP?????????????????????????????????????9个
我获得了这份使命,直到此刻,我一向在行使sha1举办安详掩护.
上礼拜五,先生回到了我们身边,汇报我们行使password_hash.
知道这是来日诰日的事,我试图弄清晰它是怎样事变的,但不要把我的头缠住.
我发明有许多人在评论它,但这些都差池我有效:
How to use password_hash Register And Login
今朝,正如分派的那样,我仅行使PDO并返回到早年的事变代码(行使sha1)
<?php
ob_start();// TEST
include("inc/timer.inc.php");//session
require("inc/database.inc.php");//connection website
$title='website';
if (isset($_POST['formConnection'])) {
$loginConnection = filter_input(INPUT_POST,'loginConnection',FILTER_SANITIZE_FULL_SPECIAL_CHARS );
// Connection sha1- OLD
$passwordConnection = sha1($_POST['passwordConnection']);
// Connection password_hash
//$hash = $profile['password'];
//$passwordConnection = password_verify($_POST['passwordConnection'],$hash);
if (!empty(($loginConnection) AND !empty($passwordConnection))) {
$connection = $website->prepare("SELECT * FROM members WHERE login = ? AND password= ?");
$connection->execute(array($loginConnection,$passwordConnection));
$userExists = $connection->rowCount(); //Test existence et affectation à la session des valeurs
if ($userExists == 1) {
$profile = $connection->fetch();
$_SESSION['idMember'] = $profile['idMember'];
$_SESSION['login'] = $profile['login'];
$_SESSION['status'] = $profile['status'];
header("Location: member-detail.php?idMember=".$_SESSION['idMember']);
} else {
echo "<script>alert("Wrong login or password")</script>";
}
} else {
echo "<script>alert("Please check your login or your password")</script>";
}
}
?>
<body>
<form method="post" action="">
<div class="form-group">
<label for="loginConnection">login</label><br>
<input type="text" class="form-control" name="loginConnection" id="loginConnection"
placeholder="login" required><br><br>
</div>
<div class="form-group">
<label for="passwordConnection">password</label><br>
<input type="password" class="form-control" name="passwordConnection" id="passwordConnection"
placeholder="Mot de Passe" required><br><br>
</div>
<input type="submit" name="formConnection" value="Se connecter">
<div class="form-group">
<a href="subscribe.php">Not subscribed yet?</a>
</div>
</form>
<br><br>
</body>
我知道它应该是布尔值,但我不知道怎样行使它.
是否有循规蹈矩的教程?我也许已经错过了.
感谢
最佳谜底
password_verify()成果将与password_hash()成果团结行使.
您将从password_hash()天生的哈希存储在数据库中.当或人实行登录时,您可以按照哈希测试他们提供的暗码.假如password_verify()返回true,则暗码匹配.
您不该该行使password_hash()来从头哈希暗码,由于you will get a different answer every time(假如行使随机盐,则应这样做).当您行使password_hash()对暗码举办哈希处理赏罚时,默认环境下,它将行使随机盐对哈希举办哈希处理赏罚.该随机盐被编码为功效哈希字符串,以便password_verify()可以行使与原始哈希沟通的盐对其举办验证.
根基上,您应该从数据库中检索实行登录的用户的哈希,并将其提供应password_verify()函数.除了盐之外,哈希还包括有关行使哪个哈希算法的信息.
php.net example
<?php
// See the password_hash() example to see where this came from.
$hash = '$2y$07$BCryptRequires22Chrcte/VlQH0piJtjXl.0t1XkA8pw9dMXTpOq';
if (password_verify('rasmuslerdorf',$hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
?>
(编辑:湖南网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
