这个登录代码是有效的,但是"$hashedpass"是如何用哈希传递"$2y$10$..."的变量?
再。我需要变量函数"$hashedpass"。如何从数据库中给出"$hashedpass"?每个用户都有可变的传递/哈希。
<?php
$data['error_message'] = $lang['error_empty_login'];
$loginId = $escapeObj->stringEscape($_POST['login_id']);
$hash = password_hash($_POST['login_password'], PASSWORD_DEFAULT);
$hashedpass='$2y$10$.............';
$crypto_pass = password_verify($hash, $hashedpass);
$userId = getUserId($conn, $loginId);
if ($userId)
{
$query = $conn->query("SELECT id,username,email_verified FROM " . DB_ACCOUNTS . " WHERE id=$userId AND password='$hashedpass' AND type='user' AND active=1");
$data['error_message'] = $lang['error_bad_login'];
if ($query->num_rows == 1)
{
$fetch = $query->fetch_array(MYSQLI_ASSOC);
$continue = true;
if ($config['email_verification'] == 1 && $fetch['email_verified'] == 0)
{
$continue = false;
$data['error_message'] = $lang['error_verify_email'];
}
if ($continue == true)
{
$_SESSION['user_id'] = $fetch['id'];
$_SESSION['user_pass'] = $hashedpass;
if (isset($_POST['keep_logged_in']) && $_POST['keep_logged_in'] == true)
{
setcookie('sk_u_i', $_SESSION['user_id'], time() + (60 * 60 * 24 * 7));
setcookie('sk_u_p', $_SESSION['user_pass'], time() + (60 * 60 * 24 * 7));
}
$data['status'] = 200;
$data['redirect_url'] = smoothLink('index.php?tab1=home');
}
}
else
{
$data['error_message'] = $lang['incorrect_password'];
}
}
else
{
$data['error_message'] = $lang['no_user_found'];
}
header("Content-type: application/json; charset=utf-8");
echo json_encode($data);
$conn->close();
exit();
谢谢。
你做错了。 password_verify()期望原始用户输入的密码字符串作为其第一个参数,例如
$pw = $_POST['password'];
$user = $_POST['username'];
$info = get_user_information_from_database($user);
if(password_verify($pw, $info['storedhash'])) {
... password matched hash ...
} else {
... incorrect pw/user
}
换句话说,创建用户记录时,您将保存由 password_hash() 生成的哈希。当您去验证/登录用户时,您检索哈希,然后将哈希和输入的密码与password_verify()一起使用。