password_verify($plain_text, $hashed_text)
$plain_text에는 평문값을 입력하며, $hashed_text에는 BCrypt 형식으로 해싱된 텍스트를 집어넣습니다. BCrypt는 특성상 해싱값에 솔트(salt)가 들어가기 때문에 일반적인 텍스트 비교는 솔트값을 모른다면 불가능하며, 위의 방법으로 대조해야 합니다. 평문과 해싱값이 일치하면 true, 아니면 false를 반환합니다.
예제
logic_proc.php 18번 라인에 있습니다.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| header('Content-Type: text/html; charset=utf-8'); | |
| $pst_url = $_POST['url']; | |
| echo $pst_url."<br>"; | |
| include "./../../init-db.php"; | |
| $sql = "update misc set value = '$pst_url' where service_category = 'now' and service_name = 'url'"; | |
| $result = $mysqli->query($sql); | |
| echo "result: ".$result."<br>"; | |
| if($result >= 1){ | |
| echo "<a href='./../index.php'>now 바로가기</a>"; | |
| } | |
| ?> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php session_start(); ?> | |
| <!DOCTYPE html> | |
| <html lang="ko"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>Document</title> | |
| </head> | |
| <body> | |
| <?php | |
| if(!isset($_SESSION['now_username'])) { | |
| ?> | |
| <script> | |
| document.location.href = './login.php'; | |
| </script> | |
| <?php | |
| } else if($_SESSION['now_username'] == "admin") { | |
| ?> | |
| <form action="./enroll_proc.php" method="post"> | |
| 주소: <input type="url" id="input-url" name="url"><button>전송</button> | |
| </form> | |
| <?php | |
| } | |
| ?> | |
| </body> | |
| </html> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| include "./../init-db.php"; | |
| $sql = "select * from misc where service_category='now' and service_name='url'"; | |
| $result = $mysqli->query($sql); | |
| $row = $result->fetch_array(MYSQLI_ASSOC); | |
| $url = $row['value']; | |
| //echo $url; | |
| header("Location: ".$url); | |
| ?> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="ko"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>now – 로그인</title> | |
| </head> | |
| <body> | |
| <form action="./login_proc.php" method="post"> | |
| id: <input type="text" name="username"><br> | |
| pwd: <input type="password" name="password"><br> | |
| <button>전송</button> | |
| </form> | |
| </body> | |
| </html> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| session_start(); | |
| include "./../../init-db.php"; | |
| $pst_id = $_POST['username']; | |
| $pst_pwd = $_POST['password']; | |
| if($pst_id == "admin"){ | |
| $sql = "select * from person_mysql where name = '$pst_id'"; | |
| $result = $mysqli->query($sql); | |
| if($result->num_rows == 1){ | |
| $row = $result->fetch_array(MYSQLI_ASSOC); | |
| $hash = $row['password']; | |
| if (password_verify($pst_pwd, $hash)) { | |
| $_SESSION['now_username'] = "admin"; | |
| echo "<script>document.location.href='./index.php';</script>"; | |
| } else { | |
| echo 'Invalid password.'; | |
| } | |
| } | |
| } | |
| ?> |
0개의 댓글