我最近使用的是一个PHP脚本,该脚本应该在Android应用程序注册时对密码进行哈希处理。密码将散列并添加到数据库中,但它不允许我立即登录。也没有出现错误代码。以下是Android的代码:
public LoginRequest( String username, String password, Response.Listener<String> listener) {
super(Request.Method.POST, REGISTER_REQUEST_URL, listener, null);
params = new HashMap<>();
params.put("password", password);
params.put("username", username);
这是我应该使用的PHP脚本:
<?php
require("./Password.php");
$con = mysqli_connect("host", "user", "password", "database");
$typeusername = $_POST["username"];
$typepassword = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $name, $phone, $username, $password, $email);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
if (password_verify($typepassword, $password)) {
$response["success"] = true;
$response["name"] = $name;
$response["phone"] = $phone;
$response["username"] = $username;
$response["password"] = $password;
$response["email"] = $email;
}
}
echo json_encode($response);
?>
更新:这是基于登录PHP文件的模板,并根据我的需要进行了一些修改。这更接近原始模板的样子:
<?php
require("./Password.php");
$con = mysqli_connect("host", "user", "password", "database");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $colUserID, $colName, $colPhone, $colUsername, $colPassword, $colEmail);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
if (password_verify($password, $colPassword)) {
$response["success"] = true;
$response["name"] = $colName;
$response["phone"] = $colPhone;
$response["username"] = $colUsername;
$response["password"] = $colPassword;
$response["email"] = $colEmail;
}
}
echo json_encode($response);
?>
这应该适用于我为此模板所基于的教程系列设置的先前数据库,但它也不起作用。使用常规登录PHP代码,我可以正常登录,但我希望能够在我的数据库中使用散列密码。