我对盐渍和哈希密码完全不熟悉,很抱歉,如果我有点像菜鸟。 但是我试图对我的密码进行加盐和哈希,并且这一切正常,直到我必须登录
if (isset($_POST['btn-login'])) {
$uname = strip_tags($_POST['uname']);
$password = strip_tags($_POST['psw']);
$uname = $DBcon->real_escape_string($uname);
$password = $DBcon->real_escape_string($password);
$salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
$hashed = hash('sha512', $salt.$password);
$query = $DBcon->query("SELECT user_id, uname, psw FROM Users WHERE uname='$uname'");
$row=$query->fetch_array();
$count = $query->num_rows; // if uname/password are correct returns must be 1 row
if (password_verify($hashed, $row['psw']) && $count==1) {
$_SESSION['userSession'] = $row['user_id'];
header("Location: student.php");
} else {
$msg = "<div>
Wrong E-mail or Password!
</div>";
}
$DBcon->close();
}