PHP代码转换密码

a7741200

[PHP] 纯文本查看 复制代码

<?php

namespace app\index\controller;

use app\BaseController;
use app\index\service\LoginService;
use app\model\user\User;
use PDO;
use think\db\exception\PDOException;
use think\facade\View;

class Login extends BaseController
{
    /**
     * 登录
     */
    public function index(LoginService $loginService)
    {
        if (request()->isPost()) {
            $param = input('post.');

            $host="127.0.0.1";
            $dbname="Account";
            $user="sa";
            $pass="123456";
            try {
                $dbh = new PDO("sqlsrv:Server=$host;Database=$dbname", $user, $pass);
            } catch(PDOException $e) {
                echo $e->getMessage();
                exit;
            }
            // 执行查询操作
            $query = "SELECT account, password FROM user WHERE account = :phone and password = :password";
            $stmt = $dbh->prepare($query);
            $stmt->bindParam(':phone', $param['phone']);
            $stmt->bindParam(':password', $param['password']);

// 执行查询操作
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if($row){
                //查询 注册

                $userModel = new User();

                $userInfo = $userModel->where('nickname', $param['phone'])->find();
                if (empty($userInfo)) {
                    $regParam = [
                        'code' => uniqid(),
                        'source_id' => 3,
                        'nickname' => $param['phone'],
                        'phone' => $param['phone'],
                        'avatar' => '/static/home/default/image/avatar.jpeg',
                        'password' => makePassword($param['password']),
                        'register_time' => now(),
                        'create_time' => now()
                    ];

                    $res = $userModel->insertOne($regParam);

                    if ($res['code'] == 0) {
                        $userInfo = $userModel->where('nickname', $param['phone'])->find();

                    }
                }
                session('home_user_id', $userInfo['id']);
                session('home_user_name', $userInfo['nickname']);
                session('home_user_avatar', $userInfo['avatar']);
                return json(dataReturn(0, "登陆成功"));
            }else{
                return json(dataReturn(-1, "登录失败"));
            }


            // 清理资源
            unset($stmt);
            unset($dbh);





            unset($dbh); unset($stmt);

        }

        return View::fetch();
    }

    /**
     * 注册
     */
    public function reg(LoginService $loginService)
    {
        if (request()->isPost()) {

            return json($loginService->doReg(input('post.')));
        }

        return View::fetch();
    }

    /**
     * 退出登录
     */
    public function loginOut()
    {
        session('home_user_id', null);
        session('home_user_name', null);
        session('home_user_avatar', null);

        return redirect('/index/cate');
    }

    /**
     * 验证码
     */
    public function captcha()
    {
        View::assign([
            'phone' => input('param.phone'),
            'type' => input('param.type')
        ]);

        return View::fetch();
    }

    /**
     * 忘记密码
     */
    public function forget(LoginService $loginService)
    {
        if (request()->isPost()) {

            return json($loginService->forgetPassword(input('post.')));
        }

        return View::fetch();
    }
}

以上代码中的账号登录是连接mssql 。那么我想把密码进行加密后的结果与数据库中password字段中的结果进行对比，如果一样就登录成功。
因为写入数据库的密码是经过加密的。所以使用登录功能就需要验证用户输入的密码也经过相同方式加密后是否与数据库中一样。
密码加密方式是C#（PasswordHash.cs）

a7741200

因为不懂。所以是否可以将此PHP代码做最小的更改，然后使用API进行验证？

marksx

根据手机号查询出账号，在进行密码比较不就行了？做成接口没明白啥意思

vscos

有些加密在PHP中没有现成的加密涵数，要加密，只能自已写加密代码，

jiujiukeji

a7741200 发表于 2024-3-11 01:12
因为不懂。所以是否可以将此PHP代码做最小的更改，然后使用API进行验证？

你可以前端明文发送 后端加密后  去和数据库匹配啊

zkl998

解读非常详细啊

zozoylolo

参照DISCUZX的密码加密方式，随机生成唯一salt，账号注册时，输入密码使用salt进行加密写入数据库，登录时需要验证的密码先用salt加密后，再与数据库保存的密码比较，如果一致则登录成功。

a7741200

jiujiukeji 发表于 2024-3-11 08:53
你可以前端明文发送 后端加密后  去和数据库匹配啊

问题是我做了一个后端API程序。但是这个PHP的前端我不知道如何修改。发送账号密码给后端~后端接收然后转换后对比结果返回给这个PHP！主要是PHP不知道怎么搞。不会PHP

a7741200

jiujiukeji 发表于 2024-3-11 08:53
你可以前端明文发送 后端加密后  去和数据库匹配啊

[C#] 纯文本查看 复制代码

using Microsoft.AspNetCore.Mvc;
using System;
using System.Data.SqlClient;
using System.Linq; // 用于SequenceEqual方法
using System.Text; // 如果使用GetAccountPasswordHash方法需要这个命名空间

namespace AionAPI.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class AuthController : ControllerBase
    {
        private readonly SqlConnection _connection;

        public AuthController()
        {
            _connection = new SqlConnection("Server=127.0.0.1;Database=Account;User Id=sa;Password=123456;Connection Timeout=200");
        }

        [HttpPost]
        [Route("Authenticate")]
        public IActionResult Authenticate(LoginModel model)
        {
            _connection.Open();
            using (SqlCommand sqlCommand = _connection.CreateCommand())
            {
                sqlCommand.CommandText = "SELECT password FROM user WHERE account = @account";
                sqlCommand.Parameters.AddWithValue("@account", model.Username);
                SqlDataReader reader = sqlCommand.ExecuteReader();
                if (reader.Read())
                {
                    byte[] storedPassword = (byte[])reader["password"];
                    byte[] inputPasswordHash = GetAccountPasswordHash(model.Password);

                    if (inputPasswordHash.SequenceEqual(storedPassword))
                    {
                        return Ok(new { message = "身份验证成功", Account = new { Username = model.Username } });
                    }
                    else
                    {
                        return BadRequest(new { message = "用户名或密码不正确" });
                    }
                }
                else
                {
                    return BadRequest(new { message = "用户名或密码不正确" });
                }
            }
        }

        private byte[] GetAccountPasswordHash(string input)
        {

            byte[] array = new byte[17];
            byte[] array2 = new byte[17];
            byte[] bytes = Encoding.ASCII.GetBytes(input);
            for (int i = 0; i < input.Length; i++)
            {
                array[i + 1] = bytes[i];
                array2[i + 1] = array[i + 1];
            }
            long num = (long)((ulong)array[1] + (ulong)array[2] * 256UL + (ulong)array[3] * 65536UL + (ulong)array[4] * 16777216UL);
            long num2 = num * 213119L + 2529077L;
            num2 -= num2 / 4294967296L * 4294967296L;
            num = (long)((ulong)array[5] + (ulong)array[6] * 256UL + (ulong)array[7] * 65536UL + (ulong)array[8] * 16777216UL);
            long num3 = num * 213247L + 2529089L;
            num3 -= num3 / 4294967296L * 4294967296L;
            num = (long)((ulong)array[9] + (ulong)array[10] * 256UL + (ulong)array[11] * 65536UL + (ulong)array[12] * 16777216UL);
            long num4 = num * 213203L + 2529589L;
            num4 -= num4 / 4294967296L * 4294967296L;
            num = (long)((ulong)array[13] + (ulong)array[14] * 256UL + (ulong)array[15] * 65536UL + (ulong)array[16] * 16777216UL);
            long num5 = num * 213821L + 2529997L;
            num5 -= num5 / 4294967296L * 4294967296L;
            array[4] = (byte)(num2 / 16777216L);
            array[3] = (byte)((num2 - (long)((int)array[4] * 16777216)) / 65536L);
            array[2] = (byte)((num2 - (long)((int)array[4] * 16777216) - (long)((int)array[3] * 65536)) / 256L);
            array[1] = (byte)(num2 - (long)((int)array[4] * 16777216) - (long)((int)array[3] * 65536) - (long)((int)array[2] * 256));
            array[8] = (byte)(num3 / 16777216L);
            array[7] = (byte)((num3 - (long)((ulong)array[8] * 16777216UL)) / 65536L);
            array[6] = (byte)((num3 - (long)((ulong)array[8] * 16777216UL) - (long)((int)array[7] * 65536)) / 256L);
            array[5] = (byte)(num3 - (long)((ulong)array[8] * 16777216UL) - (long)((int)array[7] * 65536) - (long)((int)array[6] * 256));
            array[12] = (byte)(num4 / 16777216L);
            array[11] = (byte)((num4 - (long)((ulong)array[12] * 16777216UL)) / 65536L);
            array[10] = (byte)((num4 - (long)((ulong)array[12] * 16777216UL) - (long)((int)array[11] * 65536)) / 256L);
            array[9] = (byte)(num4 - (long)((ulong)array[12] * 16777216UL) - (long)((int)array[11] * 65536) - (long)((int)array[10] * 256));
            array[16] = (byte)(num5 / 16777216L);
            array[15] = (byte)((num5 - (long)((ulong)array[16] * 16777216UL)) / 65536L);
            array[14] = (byte)((num5 - (long)((ulong)array[16] * 16777216UL) - (long)((int)array[15] * 65536)) / 256L);
            array[13] = (byte)(num5 - (long)((ulong)array[16] * 16777216UL) - (long)((int)array[15] * 65536) - (long)((int)array[14] * 256));
            array2[1] = (byte)(array2[1] ^ array[1]);
            int j = 1;
            while (j < 16)
            {
                j++;
                array2[j] = (byte)(array2[j] ^ array2[j - 1] ^ array[j]);
            }
            j = 0;
            while (j < 16)
            {
                j++;
                bool flag2 = array2[j] == 0;
                if (flag2)
                {
                    array2[j] = 102;
                }
            }
            byte[] array3 = new byte[16];
            Buffer.BlockCopy(array2, 1, array3, 0, 16);
            return array3;
        }

        public static string ToHexString(byte[] bytes)
        {
            string hexString = string.Empty;
            if (bytes != null)
            {
                System.Text.StringBuilder strB = new System.Text.StringBuilder();
                for (int i = 0; i < bytes.Length; i++)
                {
                    strB.Append(bytes[i].ToString("X2"));
                }
                hexString = strB.ToString();
            }
            return hexString;
        }
    }
}

    public class LoginModel
    {
        public string Username { get; set; }
        public string Password { get; set; }
    }

后端的控制器是这样的！