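PHP login verification with BCrypt

So I have a PHP authentication script, and everything works fine. But I'm very unsure about the way I've programmed it (I hard-coded a few things), and I was hoping Stack could take a look through it and point out any potential problems.

Here is the script: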
    <?php
    require_once 'Bcrypt.php';

    class Mysql {
        private $conn;

        function __construct() {
            // PDO signals a failed connection with a PDOException.
            try {
                // MySQL's DSN charset name is "utf8" (or "utf8mb4"), not "UTF-8".
                $this->conn = new PDO('mysql:host=***;dbname=***;charset=utf8', '***', '***');
            } catch (PDOException $e) {
                die('There was a problem connecting to the database.');
            }
        }

        function verify_Username_and_Pass($un, $pwd) {
            // Development-only settings; turn display_errors off in production.
            ini_set('display_errors', 'On');
            error_reporting(E_ALL | E_STRICT);

            $query = "SELECT *
                      FROM Conference
                      WHERE Username = :un";
            $stmt = $this->conn->prepare($query);
            $stmt->bindParam(':un', $un);
            //$stmt->bindParam(':pwd', $pwd);
            $stmt->execute();
            $row = $stmt->fetchAll();

            // No matching row: reject instead of reading an undefined $row[0].
            if (empty($row)) {
                return false;
            }

            $hash = $row[0]["Password"];
            $is_correct = Bcrypt::check($pwd, $hash);
            if ($is_correct) {
                // User exists and the password matches
                $firstName = $row[0]["First Name"];
                $_SESSION["FirstName"] = $firstName;
                return true;
            }
            // Wrong password
            return false;
        }
    }
    ?>

So how does it look?

You should try asking this question on http://codereview.stackexchange.com/ – Tchoupi
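
An added example, not part of the original question or the asker's code: the same username/password check written with PHP's built-in `password_hash()`/`password_verify()` in place of the `Bcrypt.php` wrapper, with the unknown-user case handled explicitly. The names `verifyLogin()` and `BCRYPT_OPTS`, the cost of 12, the sample row and the in-memory SQLite database standing in for the MySQL table are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's code. Table and column names follow the question;
// verifyLogin(), BCRYPT_OPTS and the sample row are assumptions for illustration.
const BCRYPT_OPTS = ['cost' => 12];

function verifyLogin(PDO $db, string $username, string $password): ?array
{
    // Checked when the username is unknown, so both paths cost one bcrypt run.
    static $dummyHash = null;
    $dummyHash ??= password_hash('placeholder', PASSWORD_BCRYPT, BCRYPT_OPTS);

    $stmt = $db->prepare(
        'SELECT Username, Password, `First Name` FROM Conference WHERE Username = :un'
    );
    $stmt->execute([':un' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $known = $row !== false;
    $ok = password_verify($password, $known ? $row['Password'] : $dummyHash);
    if (!$known || !$ok) {
        return null; // same result for "no such user" and "wrong password"
    }
    // Upgrade the stored hash when the cost policy has been raised.
    if (password_needs_rehash($row['Password'], PASSWORD_BCRYPT, BCRYPT_OPTS)) {
        $db->prepare('UPDATE Conference SET Password = :h WHERE Username = :un')
           ->execute([':h' => password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS),
                      ':un' => $username]);
    }
    return $row;
}

// Constructed demo: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE Conference (Username TEXT PRIMARY KEY, Password TEXT, `First Name` TEXT)');
$db->prepare('INSERT INTO Conference VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_BCRYPT, BCRYPT_OPTS), 'Alice']);

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']] as [$u, $p]) {
    $user = verifyLogin($db, $u, $p);
    if ($user !== null && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session ID on login (session fixation)
        $_SESSION['FirstName'] = $user['First Name'];
    }
    printf("%-7s %s\n", $u, $user !== null ? 'accepted' : 'rejected');
}
```

The demo needs the `pdo_sqlite` extension; against the real table, pass the existing MySQL `PDO` connection to `verifyLogin()` instead.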