我想創建一個登錄函數,該函數根據我存儲在數據庫中的密碼來檢查密碼。如果相關,我已經使用phpass在密碼輸入前散列密碼。這是我迄今爲止的代碼;顯然支票將無法工作,因爲我沒有拉從數據庫中$ stored_hash:如何使用PDO從數據庫獲取信息?
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL); ini_set('display_errors', 1);
require "/home/carlton/public_html/PHPproject/includes/PasswordHash.php";
if ($_POST){
$form = $_POST;
$username = $form['username'];
$password = $form['password'];
$hash_obj = new PasswordHash(8, false);
$passwordhash = $hash_obj->HashPassword($password);
$storedhash = this is where i need the code to pull the hashed password from the db;
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'carl', 'pdt1848?');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PODException $e){
echo "Can't connect to the database";
}
$query=$db->prepare("SELECT password FROM users WHERE username=$username");
$check = CheckPassword($password, $stored_hash);
if($check){
print_r("Registered user");
}
else{
print_r("Not a registered user");
}
//login here
}
else{
?>
<form name="login" action="login.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<button type="submit">Submit</button>
<button type="reset">Reset Form</button>
</form>
<?php
}
?>
難道我們假定'新PasswordHash(8,FALSE); '會生成一個非唯一的8位字符串,它將隨機地匹配先前生成的'PasswordHash(8,false)'? – Ohgodwhy
@Ohgodwhy輸入他們的登錄表單中的密碼。它是PHPass的一部分。 – carlgoodtoseeyou
將'WHERE username = $ username「)'更改爲'WHERE username ='$ username'」)'該變量需要用引號括起來。 @carlgoodtoseeyou –