我用来验证的内容
// username and password sent from form
$myusername= filter_var($_POST['myusername'], FILTER_SANITIZE_STRING);
$mypassword= filter_var($_POST['mypassword'], FILTER_SANITIZE_STRING);
$sql = $dbh->prepare("SELECT * FROM $tblname WHERE UserLogin='$myusername'");
$sql->execute();
$sql = $sql->fetch();
$password_hash = $sql['UserPass'];
/*** close the database connection ***/
$dbh = null;
if(crypt($mypassword, $password_hash) == $password_hash){
我用来创建密码的东西
$salt = blowfishSalt();
$mypassword = crypt($mypassword, $salt);
$stmt = $dbh->prepare('INSERT INTO Users(UserLogin, UserPass, UserEmail, admin) VALUES(:UserLogin, :UserPass, :UserEmail, :admin)');
$stmt->execute(array(
':UserLogin' => $myusername,
':UserPass' => $mypassword,
':UserEmail' => $myemail,
':admin' => $admin
));
河豚盐()
function blowfishSalt($cost = 13) {
if (!is_numeric($cost) || $cost < 4 || $cost > 31) {
throw new Exception("cost parameter must be between 4 and 31");
}
$rand = array();
for ($i = 0; $i < 8; $i += 1) {
$rand[] = pack('S', mt_rand(0, 0xffff));
}
$rand[] = substr(microtime(), 2, 6);
$rand = sha1(implode('', $rand), true);
$salt = '$2a$' . sprintf('%02d', $cost) . '$';
$salt .= strtr(substr(base64_encode($rand), 0, 22), array('+' => '.'));
return $salt;
}
必须为函数删除 {},以便它在 stackoverflow 中正确格式化。我还使用 char(128) 将密码存储在 mysql 数据库中。