猿问

使用 bcrypt 进行登录验证

我有一个用 Laravel 构建的网络应用程序。我正在另一个网站上工作,但不是在 Laravel 上工作。我需要使用 Laravel 站点数据库上的用户表对这个新站点上的用户进行身份验证。密码使用 bcrypt 进行哈希处理。


我尝试在用户登录之前验证密码,但我似乎遗漏了一些东西。有人可以帮忙吗?


<?php 


if (isset($_POST['login'])) {

    $user  = mysqli_real_escape_string($_POST['email']);

    $pass  = mysqli_real_escape_string($_POST['password']); //input entered

    $dpass = password_hash('$pass', PASSWORD_DEFAULT)."\n";

    echo $dpass;

    

    $query   = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user' AND `password` ='$pass'");

    $numrows = mysqli_num_rows($query);


    if ($numrows != 0) {

        while ($row = mysqli_fetch_assoc($query)) {

            $dbemail    = $row['email'];

            $dbpassword = $row['password'];

        }

        if ($user === $dbemail && password_verify($pass, $dbpassword)) {

            session_start();

            $_SESSION['email'] = $username;

            // Redirect Browser

            header("Location:mentor.php");

        }

    } else {

        echo "<div class='alert alert-danger alert-dismissible'>

            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>

            <strong>Warning!</strong> Invalid credentials.

        </div>";

    }

}


?>


青春有我
浏览 135回答 2
2回答

撒科打诨

经过上述评论的建议后,我得出了这个有效的结论。&nbsp;<?php&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; if(isset($_POST['login'])){&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$user = mysqli_real_escape_string($conn,$_POST['email']);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$pass = mysqli_real_escape_string($conn,$_POST['password']); //input entered&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$query = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user'");&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$numrows = mysqli_num_rows($query);&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;if($numrows !=0)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;while($row = mysqli_fetch_assoc($query))&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$dbemail=$row['email'];&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$dbpassword=$row['password'];&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;}&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;if(password_verify($pass, $dbpassword))&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;session_start();&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;$_SESSION['email'] = $username;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;//Redirect Browser&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;}&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;}&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;else&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;{&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; echo "<div class='alert alert-danger alert-dismissible'>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <strong>Warning!</strong> Invalid credentials.&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </div>";&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;}&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }?>

智慧大石

不确定,但你尝试过吗password_verify(mysqli_real_escape_string($_POST['password']),&nbsp;$dbpassword)我的意思是比较未加密的密码与哈希值。在 Laravel 中Hash::check()还需要非哈希密码作为参数。
随时随地看视频慕课网APP
我要回答