我无法让我的 php 身份验证在以下程序上工作。我的 token 不匹配,我不知道为什么。我已经确认在 mysql 数据库中调用了正确的 is 字段,但我一直被拒绝访问,因为 token 不一样。感谢任何帮助/见解。
<?php //
require_once 'dlogin.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) die($connection->connect_error);
if (isset($_SERVER['PHP_AUTH_USER']) &&
isset($_SERVER['PHP_AUTH_PW']))
{
$un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
$pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
$query = "SELECT * FROM users WHERE username='$un_temp'";
$result = $connection->query($query);
if (!$result) die ($connection->error);
elseif ($result->num_rows)
{
$row = $result->fetch_array(MYSQLI_NUM);
$result->close();
$salt1 = "qm&h*";
$salt2 = "pg!@";
$token = hash('ripemd128', "$salt1$pw_temp$salt2");
if ($token == $row[3]) echo "$row[0] $row[1] : Hi $row[0], you are now logged in as '$row[2]'";
else die("Invalid username/password combination, token");
}
else die("Invalid username/password combination");
}
else
{
header('WWW-Authenticate: Basic realm="Restricted Section"');
header('HTTP/1.0 401 Unauthorized');
die ("Please enter your name and password");
}
$connection->close();
function mysql_entities_fix_string($connection, $string)
{
return htmlentities(mysql_fix_string($connection, $string));
}
function mysql_fix_string($connection, $string)
{
if(get_magic_quotes_gpc()) $string = stripslashes($string);
return $connection->real_escape_string($string);
}
?>
最佳答案
试试这个
$token = hash('ripemd128', "$salt1$pw_temp$salt2");
echo "NEW TOKEN: "+$token
echo '<br>';
echo "STRING: $salt1$pw_temp$salt2";
echo '<br>';
echo "DB Token: "+$row[3];
现在要么将新 token 输出放入数据库中,要么尝试使用可靠来源重新散列字符串并检查差异。
关于php - 为什么在以下 PHP 代码中验证密码 token 时出错?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31908411/