0

I am currently switching from md5 to bcrypt, and I can store the bcrypt hash in the database with the following code.

    public function User_Registration($_iPassword, $_iEmail, $_iUsername) {

        $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username OR _iEmail = :email");
        $sth->execute(array(':username' => $_iUsername, ':email' => $_iEmail));

        $row = $sth->fetch(PDO::FETCH_ASSOC);
        $_iD = $row['_iD'];

        if ($sth->rowCount() == 0) {

            $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);   // create a random salt
            $hash = crypt($_iPassword, '$2a$12$' . $salt);  // hash incoming password - this works on PHP 5.3 and up

            $sth = $this->db->prepare("INSERT INTO users(_iPassword,_iEmail,_iUsername) VALUES ( :hash_pass, :email, :username)");
            $sth->bindValue(":hash_pass", $hash);
            $sth->bindValue(":email", $_iEmail);
            $sth->bindValue(":username", $_iUsername);
            $sth->execute();

            $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username");
            $sth->execute(array(':username' => $_iUsername));
            // Read the id of the row just inserted; the earlier $row is empty at this point
            $row = $sth->fetch(PDO::FETCH_ASSOC);

            $me = "me";
            $sth = $this->db->prepare("INSERT INTO friends (friend_one,friend_two,role) VALUES ( :uid, :uid1, :me )");
            $sth->bindValue(":uid",     $row['_iD']);
            $sth->bindValue(":uid1",    $row['_iD']);
            $sth->bindValue(":me",      $me);
            $sth->execute();
        } else {
            return false;
        }
    }

But I am unable to get the data back from the database. I am currently using the following code to fetch the user's login:

    public function User_Login($_iUsername,$_iPassword) {
        $md5_password = crypt($_iPassword);

        $sth = $this->db->prepare("SELECT _iD FROM users WHERE _iUsername = :username AND _iPassword = :password AND _iStatus='1'");
        $sth->bindValue(":username", $_iUsername);
        $sth->bindValue(":password", $md5_password);
        $sth->execute();

        if ($sth->rowCount() == 1) {
            $row = $sth->fetch(PDO::FETCH_ASSOC);
            return $row['_iD'];
        } else {
            return false;
        }
    }

What is the correct way to get the hashed password back from MySQL? Any suggestions are much appreciated.

4

2 Answers

1
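    public function User_Login($_iUsername, $_iPassword) {
        // Fetch the stored hash by username; the password is not compared in SQL
        $sql = "SELECT _iD, _iPassword FROM users WHERE _iUsername = ? AND _iStatus=1";
        $sth = $this->db->prepare($sql);
        $sth->execute(array($_iUsername));
        $row = $sth->fetch();
        // crypt() reads the algorithm, cost and salt from the stored hash passed as its second argument
        if ($row && crypt($_iPassword, $row['_iPassword']) == $row['_iPassword']) {
            return $row['_iD'];
        }
        return false;
    }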
Answered 2013-05-24T03:42:33.827
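
Added example, not part of the question or of either answer: the fetch-then-verify login from the answer above, extended to upgrade leftover md5 rows to bcrypt at the next successful login. `verifyLogin()`, the sample rows, PHP 5.6+ with `pdo_sqlite`, and the assumption that legacy rows hold unsalted md5 hex are all illustrative; table and column names follow the question.

```php
<?php
// Added example. verifyLogin() and the sample rows are hypothetical; table and
// column names follow the question. Assumes PHP 5.6+ and unsalted md5 hex legacy rows.
function verifyLogin(PDO $db, $username, $password) {
    // Look the row up by username only. A bcrypt hash embeds its own salt, so a
    // fresh crypt($password) never equals the stored value inside a WHERE clause.
    $sth = $db->prepare("SELECT _iD, _iPassword FROM users WHERE _iUsername = ? AND _iStatus = 1");
    $sth->execute(array($username));
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return false;
    }
    $stored = $row['_iPassword'];
    $options = array('cost' => 12);
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy md5 row (assumed format): constant-time compare, then upgrade.
        $ok = hash_equals($stored, md5($password));
        $upgrade = $ok;
    } else {
        // password_verify() also accepts hashes produced by crypt().
        $ok = password_verify($password, $stored);
        $upgrade = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, $options);
    }
    if ($upgrade) {
        // Re-hash while the plaintext is available, so md5 values drain out over time.
        $upd = $db->prepare("UPDATE users SET _iPassword = ? WHERE _iD = ?");
        $upd->execute(array(password_hash($password, PASSWORD_BCRYPT, $options), $row['_iD']));
    }
    return $ok ? $row['_iD'] : false;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (_iD INTEGER PRIMARY KEY, _iUsername TEXT, _iPassword TEXT, _iStatus INTEGER)");
$ins = $db->prepare("INSERT INTO users (_iUsername, _iPassword, _iStatus) VALUES (?, ?, 1)");
$ins->execute(array('legacy', md5('old-secret')));  // row from before the migration
$ins->execute(array('modern', password_hash('new-secret', PASSWORD_BCRYPT, array('cost' => 12))));

var_dump(verifyLogin($db, 'legacy', 'old-secret'));  // accepted; row is rewritten as bcrypt
var_dump(verifyLogin($db, 'legacy', 'old-secret'));  // accepted again, now through password_verify()
var_dump(verifyLogin($db, 'modern', 'wrong'));       // rejected
```

The `_iPassword` column must be wide enough for the 60-character bcrypt string, otherwise the stored hash is truncated and no comparison can succeed.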
-1

For future support, I returned the encrypted hash with the following code.

    public function User_Login($_iUsername, $_iPassword) {
        // Select the stored hash together with the id so it can be checked in PHP
        $sth = $this->db->prepare("SELECT _iD, _iPassword FROM users WHERE _iUsername = :username AND _iStatus='1'");
        $sth->bindValue(":username", $_iUsername);
        $sth->execute();

        $row = $sth->fetch(PDO::FETCH_ASSOC);
        // Re-hash the submitted password with the stored hash as the salt and compare
        if ($row && crypt($_iPassword, $row['_iPassword']) == $row['_iPassword']) {
            header("location:index.php");
            return $row;
        }
        return false;
    }
Answered 2013-05-24T01:42:28.630