php login-system med bcrypt kryptering

Fri, 16 Sep 2011 02:57:21 GMT

Okay,, jeg har fattet hvordan jeg kryptere et password og gemmer det i en MySQL DB...

Men jeg fatter intet af hvordan jeg, tjekker om det angivne password (som jeg vil logge ind med) er det samme som det der st�r i MySQL DB'en.

Koden for signin.php:

PHP kode

 <?php
     require("mysql.open.php");
 
     $username = $_POST["user"];
     $password = $_POST["pass"];
     
     $username = stripslashes($username);
     $password = stripslashes($password);
     
     $username = mysql_real_escape_string($username);
     $password = mysql_real_escape_string($password);
     
     // secure hashing of passwords using bcrypt, needs PHP 5.3+
     // see http://codahale.com/how-to-safely-store-a-password/
     function generateSalt($max = 15) {
         $characterList = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
         $i = 0;
         $salt = "";
         do {
             $salt .= $characterList{mt_rand(0,strlen($characterList)-1)};
             // salt for bcrypt needs to be 22 base64 characters (but just [./0-9A-Za-z]), see http://php.net/crypt
             // just an example; please use something more secure/random than sha1(microtime) :)
             $salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);
             $i++;
         } while ($i <= $max);
         return $salt;
     }
     
     $salt = generateSalt();
     
     // 2a is the bcrypt algorithm selector, see http://php.net/crypt
     // 12 is the workload factor (around 300ms on my Core i7 machine), see http://php.net/crypt
     $hash = crypt($password . "$2a$12$" . $salt);
     
     mysql_query("INSERT INTO structure_admin (username, password) VALUES ('$username', '$hash')") or die(mysql_error());
     
     require("mysql.close.php");
     
     header("Location: index.php");
 ?>

Udvikleren.dk - Seneste [bcrypt] forum tr�de

php login-system med bcrypt kryptering