0

How do I compare hashed passwords that are stored in the database to a user inputted password, I need to do thsi so that the user could log in.

Here's how I hashed my password (using phps crypt method)

$hashedpass = crypt($password);
            $sql = "INSERT INTO accounts (username,password,email) VALUES('{$username}','{$hashedpass}','{$email}')";
            $conn->query($sql);

This is how I compare them to user input

$username = trim($_POST['username']);
        $password = crypt($_POST['password']);
        $sql = "SELECT * FROM accounts WHERE username = '{$username}'  &&  password = '{$password }'LIMIT 1";
        echo "$sql";
        $rs = $conn->query($sql);
        $numRows = $rs->num_rows;
        if($numRows == 1){
            echo "you may log in";
        }

I am 100% sure that I enterd the password correctly but the thing is mysql is not showing results,

4

1 回答 1

0

看一下 crypt 的PHP 文档,因为你没有提供 SALT 值,所以你会得到通常以一个值的散列与另一个相同值的散列不匹配的散列结束。

于 2012-06-24T08:24:52.780 回答