【发布时间】:2017-03-06 23:51:18
【问题描述】:
我尝试创建更安全的注册页面然后我添加此代码作为密码
$pas_usr = mysqli_real_escape_string($koneksi, $_POST['pas_usr']);
$pas_usr = password_hash($pas_usr, PASSWORD_BCRYPT);
结果是密码列被加密
然后在登录页面,当我尝试验证它时,它说密码错误
这是我的登录页面:
//memulai session baru
session_start();
//memanggil koneksi
include "koneksi.php";
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($koneksi, $username);
$password = mysqli_real_escape_string($koneksi, $password);
$hashquery = mysqli_fetch_assoc(mysqli_query($koneksi, "SELECT * FROM `user` WHERE log_usr = '$username'"));
$hash=$hashquery['hash'];
if(password_verify($password, $hash)){
$query = mysqli_query($koneksi, "SELECT * from user WHERE log_usr='$username'");
$exitCount=mysqli_num_rows($query);
if($exitCount==1){
$data = mysqli_fetch_array($query);
$id = $data["log_usr"];
$lvl = $data["sts_usr"];
if ($lvl=='A')
{
$link = 'index.html';
}
elseif($lvl='U')
{
$link = 'index.php';
}
$_SESSION['username'] = $username;
header ("location:$link");
exit();
}else{
echo "<script>alert('Username dan Password tidak valid.'); window.location = 'index.php'</script>";
}
}else{
echo "<script>alert('Username dan Password tidak valid.'); window.location = 'index.php'</script>";
}
【问题讨论】:
-
你的 password_verify() 方法在哪里?也请出示上面写的代码..
-
@PHPGeek password_verify 是一个 PHP 函数
-
您希望用户输入散列密码吗?因为您将来自
$_POST['password']的用户输入放入$hash -
@Memor-X 所以我需要在数据库中分别输入哈希和普通密码?