Using password_hash with bindParam

I am trying to create a login system using Slim, jQuery and Ajax. I had a few problems getting my login part working; now I just need to be able to hash the password. I know I can hash with md5, sha1 and/or a salt, but I know I should start over using password_hash. I know how to hash with any of the other 3 I mentioned, because when using bindParam you can wrap it around the variable. My question is, how do I use password_hash with bindParam? The closest answer I found on this site was not much help.

My current code is:

$app->post('/addUser/', 'addUser');
function addUser()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    $sql = "INSERT INTO users(firstName, lastName, userName, password) VALUES (:firstName, :lastName, :userName, :password)";

    try{
        $db = getConnection();   // same connection helper the logIn route uses
        $stmt=$db->prepare($sql);
        $stmt->bindParam(":firstName", $q->firstName);
        $stmt->bindParam(":lastName", $q->lastName);
        $stmt->bindParam(":userName", $q->userName);
        $stmt->bindParam(":password", $q->password);   // stores the plaintext password; this is the part to fix
        $stmt->execute();
        $db=null;
    }
    catch(PDOException $e){
        echo $e->getMessage();   // note: echoing driver errors to the client reveals database details
    }
}

The verification code:

$app->post('/logIn/', 'logIn');   // the route callback must match the function name
function logIn()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    $sql = "SELECT * FROM users WHERE userName=:userName";
    $execute = false;   // stays false if prepare/execute throws
    try{
        $db = getConnection();
        $stmt=$db->prepare($sql);
        $stmt->bindParam(":userName", $q->userName);
        $execute = $stmt->execute();
        $db = null;
    }
    catch(PDOException $e)
    {
        echo $e->getMessage();
    }
    if($execute == true)
    {
        $array = $stmt->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false when no row matches the username
        $hashedPassword = ($array !== false) ? $array['password'] : '';
        if(password_verify($q->password, $hashedPassword))
        {
            echo 'Valid';
        }
        else
        {
            echo 'Invalid';
        }
    }
}

Any help would be greatly appreciated.

To encrypt the password you need to create a new variable, $hashedPassword, which you will store in the database for each user. When verifying the user, you select the user from the database by passing their username and use password_verify($passToBeVerified, $ourHashedpasswordfromDb), which will return a boolean.

$app->post('/addUser/', 'addUser');

function addUser() {
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());
    // Hash once, into a variable: bindParam() binds by reference, so it needs a variable, not an expression
    $hashedPassword = password_hash($q->password, PASSWORD_BCRYPT);

    $sql = "INSERT INTO users(firstName, lastName, userName, password) VALUES (:firstName, :lastName, :userName, :password)";

    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":firstName", $q->firstName);
        $stmt->bindParam(":lastName", $q->lastName);
        $stmt->bindParam(":userName", $q->userName);
        $stmt->bindParam(":password", $hashedPassword);   // the hash is what gets stored, never the plaintext
        $execute = $stmt->execute();
        if ($execute == true) {
            $verifyUser = verifyUser($q->password, $q->userName);
            if ($verifyUser == TRUE) {
                echo 'valid Username and  Password';
            } else {
                echo 'Invalid Username and password';
            }
        }
        $db = null;
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}

function verifyUser($passWordToVerify, $userNameToVerify) {
    // $request = \Slim\Slim::getInstance()->request();
    //   $q = json_decode($request->getBody());
    //Select a user data according to their username
    $sql = "select firstName, lastName, userName, password from users where userName = :userName";
    $execute = false;   // stays false if prepare/execute throws
    try {
        $db = getConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":userName", $userNameToVerify);
        $execute = $stmt->execute();
        $db = null;
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
    if ($execute == True) {
        /*
         * if the query executes and returns the saved user details, compare
         * the password from the db and the password that the user has entered
         */
        $array = $stmt->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false for an unknown username; verify against '' so the result is simply "invalid"
        $hashedPassword = ($array !== false) ? $array['password'] : '';
        if (password_verify($passWordToVerify, $hashedPassword)) {
            echo 'Password is valid!';
            return true;
        } else {
            echo 'Invalid password.';
            return false;
        }
    }
    return false;
}
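The answer above gives the core pattern. The following is an added, stand-alone example that is not the asker's or the answerer's code: it shows the same register-then-verify flow against an in-memory SQLite database (so it runs with no Slim or MySQL setup), makes explicit why `password_hash()` cannot be wrapped directly in `bindParam()`, and adds the two checks a practitioner normally wants around it: verifying against a dummy hash when the username does not exist, and rehashing on login with `password_needs_rehash()`. The table layout, function names and the sample user are my own assumptions, not from the original post.

```php
<?php
// Added example (not from the original post): password_hash/password_verify over PDO.
// Uses an in-memory SQLite database and a constructed sample user so it runs stand-alone.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // VARCHAR(255) (assumed schema) leaves room for hashes longer than bcrypt's 60
    // characters if PASSWORD_DEFAULT changes in a later PHP release.
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        userName VARCHAR(64) NOT NULL UNIQUE,
        password VARCHAR(255) NOT NULL
    )');
    return $db;
}

function addUser(PDO $db, string $userName, string $password): void
{
    // bindParam() binds a variable by reference and reads it at execute() time,
    // so the hash must be stored in a variable first. Passing an expression such as
    // bindParam(':password', password_hash(...)) is an Error ("could not be passed by reference").
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $db->prepare('INSERT INTO users (userName, password) VALUES (:userName, :password)');
    $stmt->bindParam(':userName', $userName);
    $stmt->bindParam(':password', $hashedPassword);
    $stmt->execute();
}

// Hash of an unguessable value, verified against when the username is unknown, so a
// login attempt costs about the same time whether or not the account exists.
function dummyHash(): string
{
    static $hash = null;
    return $hash ??= password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT);
}

function logIn(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE userName = :userName');
    // bindValue() takes a plain value, so no intermediate variable is needed here.
    $stmt->bindValue(':userName', $userName);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, dummyHash());
        return false;
    }

    if (!password_verify($password, $row['password'])) {
        return false;
    }

    // Transparently upgrade hashes made with an older cost or algorithm.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db->prepare('UPDATE users SET password = :password WHERE id = :id');
        $upd->bindValue(':password', $newHash);
        $upd->bindValue(':id', $row['id'], PDO::PARAM_INT);
        $upd->execute();
    }
    return true;
}

// Constructed sample run.
$db = openDb();
addUser($db, 'alice', 'correct horse battery staple');

var_dump(logIn($db, 'alice', 'correct horse battery staple'));
var_dump(logIn($db, 'alice', 'wrong password'));
var_dump(logIn($db, 'nobody', 'anything'));
```

Two points worth keeping in mind when adapting this: bcrypt (PASSWORD_BCRYPT, and PASSWORD_DEFAULT on current PHP versions) only uses the first 72 bytes of the password, so enforce a sane maximum length on input rather than assuming longer passphrases add strength; and `password_verify()` is the only correct way to compare, since each hash carries its own random salt and a plain string comparison of two `password_hash()` results of the same password will never match.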