我試圖檢查用戶散列的密碼與我在數據庫中保存的密碼。這與this guy幾乎是相同的問題,但我試圖用PDO來做到這一點,我不確定如何從數據庫獲取散列密碼來檢查它。這裏是我目前登錄頁面的代碼:如何使用PDO和Phpass檢查數據庫的登錄信息
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL); ini_set('display_errors', 1);
require_once "/home/carlton/public_html/PHPproject/includes/PasswordHash.php";
if ($_POST){
$form = $_POST;
$username = $form['username'];
$password = $form['password'];
try{
$db = new PDO('mysql:host=localhost;dbname=phpproject', 'root', 'pdt1848!');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PODException $e){
echo "Can't connect to the database";
}
$sql = "SELECT * FROM users WHERE username=:username";
$query = $db->prepare($sql);
$query->execute(array(':username'=>$username, ':password'=>$stored_hash));
$results = $query->fetchAll(PDO::FETCH_ASSOC);
$check = $hash_obj->CheckPassword($password, $stored_hash);
if($check){
print_r("Registered user");
}
else{
print_r("Not a registered user");
}
//login here
}
else{
?>
<form name="login" action="login.php" method="POST">
<label for "username">Username: </label>
<input type="text" name="username"/><br />
<label for "password">Password: </label>
<input type="password" name="password"/><br />
<button type="submit">Submit</button>
<button type="reset">Reset Form</button>
</form>
<?php
}
?>
您可以爲「phpproject」數據庫創建一個單獨的mysql用戶,而不是使用root用戶,從而最大限度地減少應用程序被黑客入侵時其他數據庫的暴露。 – MattBianco