这是我用盐将哈希密码放在数据库上的注册码。
<?php
include '../database/connectDB.php';
if (isset($_POST['submit']))
{
$username= $_POST['leguser'] ;
$password= $_POST['legpass'] ;
$options = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."'n";
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM tbl_users WHERE fld_username = '". $username ."'");
if (mysql_num_rows($query) > 0)
{
echo "<script>alert('Username already used!');</script>"; }
else
{
mysql_query("INSERT INTO `tbl_users`(fld_username,fld_password)
VALUES ('$username','$pwhash')");
}
}
?>
这是我验证密码的登录代码
<?php
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = '';
$DB_NAME = 'rsi_db';
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($conn->connect_errno > 0) {
die('Connection failed [' . $conn->connect_error . ']');
}
if (isset($_POST['submit']))
{
$username= $_POST['user'] ;
$password= $_POST['pass'] ;
$sql = "SELECT * FROM tbl_users WHERE fld_username = '$username'";
$result = $conn->query($sql);
if ($result->num_rows === 1) {
$row = $result->fetch_array(MYSQLI_ASSOC);
if (password_verify($password, $row['fld_password'])) {
echo "Match";
}
else
{
echo "not match";
}
}
}
?>
起初我注册了用户名= 1和密码= 1并尝试登录,这是匹配的,但是当我尝试注册有效的用户和密码时,它不匹配。 有人可以帮助我进一步解决此问题吗?
提前谢谢你,我只是一个 php 初学者,请不要很难:)
尾随的新行是你的问题:
$pwhash = password_hash($password, PASSWORD_DEFAULT, $options)."'n";
______
只需将其从行中删除,它就会将一个 60 个字符的字符串保存到您的数据库中。您应该删除的另一件事是盐的生成,然后函数本身将为您生成安全的盐。
$options = ['cost' => 11];
中有 1 个空格
$2y$11$H83GgNapOdRZvmVKYtW5.OwL3P4ju/fBHz/KlMIYCr.1M1hhzJbcO <-here
所以如果你把它限制在60,那么中提琴。 空间现在消失了