使用 bcrypt 进行登录验证
我有一个用 Laravel 构建的网络应用程序。我正在另一个网站上工作,但不是在 Laravel 上工作。我需要使用 Laravel 站点数据库上的用户表对这个新站点上的用户进行身份验证。密码使用 bcrypt 进行哈希处理。
我尝试在用户登录之前验证密码,但我似乎遗漏了一些东西。有人可以帮忙吗?
<?php
if (isset($_POST['login'])) {
$user = mysqli_real_escape_string($_POST['email']);
$pass = mysqli_real_escape_string($_POST['password']); //input entered
$dpass = password_hash('$pass', PASSWORD_DEFAULT)."\n";
echo $dpass;
$query = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user' AND `password` ='$pass'");
$numrows = mysqli_num_rows($query);
if ($numrows != 0) {
while ($row = mysqli_fetch_assoc($query)) {
$dbemail = $row['email'];
$dbpassword = $row['password'];
}
if ($user === $dbemail && password_verify($pass, $dbpassword)) {
session_start();
$_SESSION['email'] = $username;
// Redirect Browser
header("Location:mentor.php");
}
} else {
echo "<div class='alert alert-danger alert-dismissible'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<strong>Warning!</strong> Invalid credentials.
</div>";
}
}
?>
青春有我2回答
-
撒科打诨
经过上述评论的建议后,我得出了这个有效的结论。 <?php if(isset($_POST['login'])){ $user = mysqli_real_escape_string($conn,$_POST['email']); $pass = mysqli_real_escape_string($conn,$_POST['password']); //input entered $query = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user'"); $numrows = mysqli_num_rows($query); if($numrows !=0) { while($row = mysqli_fetch_assoc($query)) { $dbemail=$row['email']; $dbpassword=$row['password']; } if(password_verify($pass, $dbpassword)) { session_start(); $_SESSION['email'] = $username; //Redirect Browser } } else { echo "<div class='alert alert-danger alert-dismissible'> <a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a> <strong>Warning!</strong> Invalid credentials. </div>"; } }?> -
智慧大石
不确定,但你尝试过吗password_verify(mysqli_real_escape_string($_POST['password']), $dbpassword)我的意思是比较未加密的密码与哈希值。在 Laravel 中Hash::check()还需要非哈希密码作为参数。
随时随地看视频慕课网APP
PHP