一般做法如下:

1. 从数据库中获取 password 哈希，其中 username = 输入的用户名.
2. 如果找到行，那么就有一个用户
3. 现在您将输入的密码与存储在数据库中的哈希值进行比较.

1. Fetch password hash from the database where the username = the inputted username.
2. If rows are found, then there's a user
3. Now you compare the inputted password against the hash stored in the database.

我将在此处用一些伪代码为您概述上述流程:

I'll outline the above flow in some pseudo code for you here:

$query = SELECT password FROM users WHERE username = '$username'

$data = FETCH_THE_DATA($query);

if(password_verify($USER_INPUTTED_PASSWORD, $data['password'])) {
    // password is correct
} else {
    // password is in-correct
}

注意事项

• 停止使用 mysql_* 函数.该库已被弃用，因为它不可靠，并将在 PHP 的未来版本中删除.
  • ***使用 PDO 或 MySQLi 准备好的语句
  • Stop using mysql_* functions. The library is deprecated as it's unreliable and will be removed in future releases of PHP.
    • You're better off using PDO or MySQLi Prepared Statements