3

我正在尝试使用 Slim Jquery 和 Ajax 创建登录系统。我已经让日志部分解决了最小的问题,现在我只需要能够对密码进行哈希处理。我知道我可以使用 md5、sha1 和/或 salt 来散列,但我知道建议改用 password_hash。我知道如何与我提到的其他 3 个中的任何一个进行散列,因为在使用 bindParam 时,您可以将它放在变量周围。我的问题是,如何将 password_hash 与 bindParam 一起使用。我在这个网站上找到的最接近的答案没有多大帮助。

我目前的代码是:

$app->post('/addUser/', 'addUser');
function addUser()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    $sql = "INSERT INTO users(firstName, lastName, userName, password) VALUES (:firstName, :lastName, :userName, :password)";

    try{
        $dbConnection();
        $stmt=$db->prepare($sql);
        $stmt->bindParam("firstName", $q->firstName);
        $stmt->bindParam("lastName", $q->lastName);
        $stmt->bindParam("userName", $q->userName);
        $stmt->bindParam("password", $q->password);
        $stmt->execute();
        $db=null;
    }
    catch(PDOException $e){
        echo $e->getMessage();
    }
}

验证码:

$app->post('/logIn/', 'lonIn');
function logIn()
{
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());

    $sql = "SELECT * FROM users WHERE userName=:userName";
    try{
        $db = getConnection();
        $stmt=$db->prepare($sql);
        $stmt->bindParam("userName", $q->userName);
        $execute = $stmt->execute();
        $db = null;
    }
    catch(PDOException $e)
    {
        echo $e->getMessage();
    }
    if($execute == true)
    {
        $array = $stmt->fetch(PDO::FETCH_ASSOC);
        $hashedPassword = $array['password'];
        if(password_verify($q->password), $hashedPassword))
        {
            echo 'Valid';
        }
        else
        {
            echo 'Invalid';
        }
    }
}

任何帮助,将不胜感激。

4

1 回答 1

2

要加密密码,您需要创建一个新变量 $hashedPassword ,您将为每个用户存储在数据库中。验证用户时,您将从数据库中选择一个用户,传递他们的用户名并使用 password_verify($passToBeVerified,$ourHashedpasswordfromDb) 这将返回一个布尔值。

      $app->post('/addUser/', 'addUser');

function addUser() {
    $request = \Slim\Slim::getInstance()->request();
    $q = json_decode($request->getBody());
    $hashedPassword = password_hash($q->password, PASSWORD_BCRYPT);

    $sql = "INSERT INTO users(firstName, lastName, userName, password) VALUES (:firstName, :lastName, :userName, :password)";

    try {
        $dbConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":firstName", $q->firstName);
        $stmt->bindParam(":lastName", $q->lastName);
        $stmt->bindParam(":userName", $q->userName);
        $stmt->bindParam(":password", $hashedPassword);
        $execute = $stmt->execute();
        if ($execute == true) {
            $verifyUser = verifyUser($q->password, $q->userName);
            if ($verifyUser == TRUE) {
                echo 'valid Username and  Password';
            } else {
                echo 'Invalid Username and password';
            }
        }
        $db = null;
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}

function verifyUser($passWordToVerify, $userNameToVerify) {
    // $request = \Slim\Slim::getInstance()->request();
    //   $q = json_decode($request->getBody());
    //Select a user data according to their username
    $sql = "select firstName, lastName, userName, password from users where userName = :userName";
    try {
        $dbConnection();
        $stmt = $db->prepare($sql);
        $stmt->bindParam(":userName", $userNameToVerify);
        $execute = $stmt->execute();
        $db = null;
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
    if ($execute == True) {
        /*
         * if the query executes and returs the user saved user details lets now compare
         * the password from the db and the password that the user has entered
         */
        $array = $stmt->fetch(PDO::FETCH_ASSOC);
        $hashedPassword = $array['password'];
        if (password_verify($passWordToVerify, $hashedPassword)) {
            echo 'Password is valid!';
            return true;
        } else {
            echo 'Invalid password.';
            return false;
        }
    }
}
于 2015-05-14T08:06:03.747 回答