这是我用于
password_hash和的内容
password_verify。以书面形式尝试一下,一旦成功,您就可以开始添加其余代码。
修改表和列的名称以适合。
注意: 这是基本的插入方法。我建议您改用
准备好的语句 。
旁注:password列的长度必须足以容纳hash
VARCHAr(255)。请查阅“脚注”。
插入文件
<?php$DB_HOST = 'xxx';$DB_USER = 'xxx';$DB_PASS = 'xxx';$DB_NAME = 'xxx';$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);if($conn->connect_errno > 0) {die('Connection failed [' . $conn->connect_error . ']');}$password = "rasmuslerdorf";$first_name = "john";$password = password_hash($password, PASSWORD_DEFAULT);$sql = "INSERT INTO users (`name`, `password`) VALUES ('" .$first_name ."', '" .$password ."')"; $query = mysqli_query($conn, $sql); if($query){ echo "Success!";}else{ // echo "Error"; die('There was an error running the query [' . $conn->error . ']');}登录文件
<?php// session_start();$DB_HOST = 'xxx';$DB_USER = 'xxx';$DB_PASS = 'xxx';$DB_NAME = 'xxx';$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);if($conn->connect_errno > 0) { die('Connection failed [' . $conn->connect_error . ']');}$pwd = "rasmuslerdorf";$first_name = "john";//$sql = "SELECt * FROM users WHERe id = 1"; $sql = "SELECt * FROM users WHERe name='$first_name'"; $result = $conn->query($sql); if ($result->num_rows === 1) { $row = $result->fetch_array(MYSQLI_ASSOC); if (password_verify($pwd, $row['password'])) { //Password matches, so create the session // $_SESSION['user'] = $row['user_id']; // header("Location: http://www.example.com/logged_in.php"); echo "Match"; }else{ echo "The username or password do not match"; }} mysqli_close($conn);脚注:
密码列应足够长以容纳哈希。哈希产生的字符长度为72 long,但手册建议为255。
参考:
- http://php.net/manual/zh/function.password-hash.php
“使用bcrypt算法(PHP
5.5.0的默认值)。请注意,此常数旨在随着时间的推移而变化,因为向PHP添加了新的更强大的算法。因此,使用此标识符的结果长度可能会改变因此,建议将结果存储在数据库列中,该列可以扩展到超过60个字符(255个字符是一个不错的选择)。”
