I'm using:
$password = hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
to store and encrypt the password into the database on registration.
For login, I need to compare the password. How do I do that?
Here's my full code:
<?php
session_start();
$mysqli = mysqli_connect("localhost", "", "", "");
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"])){
    if(empty($_POST["emailadd"]) || empty($_POST["password"])){
        $error = "Both fields are required.";
    }
    else {
        // Define $emailadd and $password
        $emailadd=$_POST['emailadd'];
        $password=$_POST['password'];
        // To protect from MySQL injection
        $emailadd = stripslashes($emailadd);
        $password = stripslashes($password);
        $emailadd = mysqli_real_escape_string($mysqli, $emailadd);
        $password = mysqli_real_escape_string($mysqli, $password);
        $password = hash_hmac('sha512', 'salt' . $password, $_SERVER['site_key']);
        //Check username and password from database
        $sql="SELECT * FROM member WHERE emailadd='$emailadd'";
        $result=mysqli_query($mysqli,$sql);
        $row=mysqli_fetch_array($result,MYSQLI_ASSOC);
        //If username and password exist in our database then create a session.
        //Otherwise echo error.
        if(mysqli_num_rows($result) == 1 and $password == hash_hmac('sha512', 'salt' . $_REQUEST['password'], $_SERVER['site_key'] )){
            $_SESSION['emailadd'] = $login_user; // Initializing Session
            header("location: pages/dashboard.html"); // Redirecting To Other Page
        }else{
            $error = "Incorrect email address or password.";
        }
    }
}
?>
I just can't seem to get it right, could someone advise me please? Thanks
Just hash the password the user types in when they log in the same way you hash it when they register, then get the encrypted password from the database and compare them.
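The comparison the answer describes, as an added example that is not part of the original thread: the hash is computed from the raw input with the same call at registration and login, the stored value is read back with a bound parameter, and the two are compared with `hash_equals()`. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `member` table so the script runs offline, and the `password` column name, the `SITE_KEY` constant and the function names are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL `member` table.
// SITE_KEY and the `password` column name are assumptions, not from the post.
const SITE_KEY = 'constructed-demo-key';

function hash_password(string $plain): string
{
    // Same call at registration and login; hash the raw input, unescaped.
    return hash_hmac('sha512', 'salt' . $plain, SITE_KEY);
}

function register(PDO $db, string $email, string $plain): void
{
    $stmt = $db->prepare('INSERT INTO member (emailadd, password) VALUES (?, ?)');
    $stmt->execute([$email, hash_password($plain)]);
}

function check_login(PDO $db, string $email, string $plain): bool
{
    // A bound parameter replaces stripslashes()/real_escape_string().
    $stmt = $db->prepare('SELECT password FROM member WHERE emailadd = ?');
    $stmt->execute([$email]);
    $stored = $stmt->fetchColumn();   // false when no such account

    // Hash even for unknown accounts so both paths do the same work,
    // then compare against the stored value in constant time.
    $candidate = hash_password($plain);
    return is_string($stored) && hash_equals($stored, $candidate);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (emailadd TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account; the apostrophe shows why the input must not
// be SQL-escaped before hashing.
register($db, 'alice@example.com', "it's-a-secret");

var_dump(check_login($db, 'alice@example.com', "it's-a-secret"));
var_dump(check_login($db, 'alice@example.com', 'wrong-guess'));
var_dump(check_login($db, 'nobody@example.com', "it's-a-secret"));
```

This keeps the thread's HMAC scheme with its fixed salt; PHP's built-in `password_hash()` and `password_verify()` are the functions designed for password storage.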