晕了,
我在登录我的注册用户时遇到问题,我已经对密码进行了哈希处理,当我登录我的表单时被拒绝,所以我真的不知道是什么问题,因为我直接使用 sql 命令注册的用户实际上可以下面的登录是我的登录脚本...
<?php
include 'db_connect.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session.
if(isset($_POST['email'], $_POST['p'])) {
$email = $_POST['email'];
$password = $_POST['p']; // The hashed password.
if(login($email, $password, $mysqli) == true) {
// Login success
echo 'Success: You have been logged in!';
echo '<a href="javascript:window.close();">Close window</a>';
} else {
// Login failed
header('Location: ./login.php?error=1');
}
} else {
// The correct POST variables were not sent to this page.
echo 'Invalid Request';
}
?>
下面是我在 Function.php 文件上的登录函数
function login($email, $password, $mysqli) {
if ($stmt = $mysqli->prepare(
"SELECT id, username, password, salt
FROM members
WHERE email = ?
LIMIT 1"
)) {
$stmt->bind_param('s', $email);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
$password = hash('sha512', $password.$salt); // hash the password with the unique salt.
if($stmt->num_rows == 1) {
if(checkbrute($user_id, $mysqli) == true) {
return false;
} else {
if($db_password == $password) {
$ip_address = $_SERVER['REMOTE_ADDR'];
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
// Login successful.
return true;
} else {
$now = time();
$mysqli->query(
"INSERT INTO login_attempts (user_id, time)
VALUES ('$user_id', '$now')"
);
return false;
}
}
} else {
// No user exists.
return false;
}
}
}
下面是我如何将用户注册到数据库
<?php
include 'db_connect.php';
include 'functions.php';
$password = $_POST['p'];
$username = $_POST['username'];
$email = $_POST['email'];
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$password = hash('sha512', $password.$random_salt);
if ($insert_stmt = $mysqli->prepare(
"INSERT INTO members (username,email,password,salt)
VALUES (?, ?, ?, ?)"
)) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
$insert_stmt->execute();
echo 'Member Succesfully added to the Website list';
} else {
echo 'Error couldnt add the user, Try again';
}
?>
最佳答案
我猜你要么在注册时随机更改了密码---sha512( $password) 和登录名应该相同,以便在查询数据时匹配它--- $Salt 是一个有点困惑?
Login
$_POST['password'] = stripslashes($_POST['password']);
$password = mysql_real_escape_string(sha512($_POST['password']));
Signup
$_POST['password'] = stripslashes($_POST['password']);
$password = mysql_real_escape_string(sha512($_POST['password']));
关于php - 无法登录我的哈希密码,但有一个用户可以登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14705076/