时间戳

首页 > 解决方案 > 使用 bcrypt 进行登录验证

php - 使用 bcrypt 进行登录验证

问题描述

我有一个使用 Laravel 构建的网络应用程序。我正在另一个网站上工作,但不是 Laravel。我需要使用 Laravel 站点数据库上的 users 表对这个新站点上的用户进行身份验证。密码使用 bcrypt 散列。

我试图在用户登录之前验证密码,但我似乎遗漏了一些东西。有人可以帮忙吗?

<?php 

if (isset($_POST['login'])) {
    $user  = mysqli_real_escape_string($_POST['email']);
    $pass  = mysqli_real_escape_string($_POST['password']); //input entered
    $dpass = password_hash('$pass', PASSWORD_DEFAULT)."\n";
    echo $dpass;
    
    $query   = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user' AND `password` ='$pass'");
    $numrows = mysqli_num_rows($query);

    if ($numrows != 0) {
        while ($row = mysqli_fetch_assoc($query)) {
            $dbemail    = $row['email'];
            $dbpassword = $row['password'];
        }
        if ($user === $dbemail && password_verify($pass, $dbpassword)) {
            session_start();
            $_SESSION['email'] = $username;
            // Redirect Browser
            header("Location:mentor.php");
        }
    } else {
        echo "<div class='alert alert-danger alert-dismissible'>
            <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
            <strong>Warning!</strong> Invalid credentials.
        </div>";
    }
}

?>

标签: phplaravelbcrypt

解决方案

在从上述评论中得到建议后,我得出了这个可行的方法。

 <?php 
                        if(isset($_POST['login'])){
                         $user = mysqli_real_escape_string($conn,$_POST['email']);
                         $pass = mysqli_real_escape_string($conn,$_POST['password']); //input entered

                         $query = mysqli_query($conn, "SELECT * FROM users WHERE `email` = '$user'");
                         $numrows = mysqli_num_rows($query);
                         if($numrows !=0)
                         {
                         while($row = mysqli_fetch_assoc($query))
                         {
                         $dbemail=$row['email'];
                         $dbpassword=$row['password'];
                         }
                         if(password_verify($pass, $dbpassword))
                        {
                         session_start();
                         $_SESSION['email'] = $username;
                         //Redirect Browser
                         
                         }
                         }
                         else
                         {
                        echo "<div class='alert alert-danger alert-dismissible'>
                          <a href='#' class='close' data-dismiss='alert' aria-label='close'>&times;</a>
                          <strong>Warning!</strong> Invalid credentials.
                        </div>";
                         }
                        }?>

推荐阅读