问题描述
我有一个使用Laravel构建的网络应用。我在另一个网站上工作,但不在Laravel上。我需要使用Laravel站点数据库上的users表对这个新站点上的用户进行身份验证。密码使用bcrypt散列。
我试图在用户登录之前验证密码,但是我似乎遗漏了一些东西。谁能帮忙吗?
<?PHP
if (isset($_POST['login'])) {
$user = MysqLi_real_escape_string($_POST['email']);
$pass = MysqLi_real_escape_string($_POST['password']); //input entered
$dpass = password_hash('$pass',PASSWORD_DEFAULT)."\n";
echo $dpass;
$query = MysqLi_query($conn,"SELECT * FROM users WHERE `email` = '$user' AND `password` ='$pass'");
$numrows = MysqLi_num_rows($query);
if ($numrows != 0) {
while ($row = MysqLi_fetch_assoc($query)) {
$dbemail = $row['email'];
$dbpassword = $row['password'];
}
if ($user === $dbemail && password_verify($pass,$dbpassword)) {
session_start();
$_SESSION['email'] = $username;
// Redirect browser
header("Location:mentor.PHP");
}
} else {
echo "<div class='alert alert-danger alert-dismissible'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<strong>Warning!</strong> Invalid credentials.
</div>";
}
}
?>
解决方法
经过上述评论的建议,我得出了行之有效的方法。
<?php
if(isset($_POST['login'])){
$user = mysqli_real_escape_string($conn,$_POST['email']);
$pass = mysqli_real_escape_string($conn,$_POST['password']); //input entered
$query = mysqli_query($conn,"SELECT * FROM users WHERE `email` = '$user'");
$numrows = mysqli_num_rows($query);
if($numrows !=0)
{
while($row = mysqli_fetch_assoc($query))
{
$dbemail=$row['email'];
$dbpassword=$row['password'];
}
if(password_verify($pass,$dbpassword))
{
session_start();
$_SESSION['email'] = $username;
//Redirect Browser
}
}
else
{
echo "<div class='alert alert-danger alert-dismissible'>
<a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a>
<strong>Warning!</strong> Invalid credentials.
</div>";
}
}?>
,
不确定,但是您尝试过
password_verify(mysqli_real_escape_string($_POST['password']),$dbpassword)
我的意思是将未加密的密码与哈希值进行比较。在laravel中
Hash::check()
还希望将非哈希密码作为参数。