当用户注册时,我已经对密码进行了哈希处理...但是当我尝试登录页面时,它显示用户名或密码错误...
下面是哈希代码
// Get values from form
$fullname=$_POST['userid'];
$username=$_POST['username'];
$email=$_POST['uemail'];
$password=$_POST['passid'];
$birthdate=$_POST['birthdate'];
$country=$_POST['mytextarea'];
$hash = hash('sha256', $password);
function createSalt()
{
$text = md5(uniqid(rand(), true));
return substr($text, 0, 3);
}
$salt = createSalt();
$password = hash('sha256', $salt . $hash);
// Insert data into mysql
$sql="INSERT INTO tbl_registration(`fullname`,`username`,`email`,`password`,`birthdate`, `country`) VALUES('{$fullname}', '{$username}', '{$email}', '{$password}', '{$birthdate}', '{$country}' )";
$result=mysql_query($sql);
下面是我使用的登录代码...
// userName and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1 ){
if(crypt($password, $row['Password']) == $row['Password'])
{
header("location:index.php");
exit();
}
}
else {
//echo "Wrong Username or Password";
header("Location:login.php?errorMssg=".urlencode("Wrong Username or Password"));
}
那我现在要做什么..
最佳答案
您正在将散列/加盐密码与文本密码进行比较。
例如: 5a44e87906e4e5dbf7991d5784fd56f14dc426aafbd8dbb7b1e0953e1399f2ad 不等于 foo
注意:mysql 函数已弃用。您应该使用 PDO 或其他。您的代码可以写得更干净一些。如果您需要更好的解释,我可以帮助您。
编辑后的哈希代码:
// Get values from form
$fullname=$_POST['userid'];
$username=$_POST['username'];
$email=$_POST['uemail'];
$password=$_POST['passid'];
$birthdate=$_POST['birthdate'];
$country=$_POST['mytextarea'];
$hash = hash('sha256', $password);
function createSalt()
{
return '2123293dsj2hu2besdbsjdsd';
}
$salt = createSalt();
$password = hash('sha256', $salt . $hash);
// Insert data into mysql
$sql="INSERT INTO tbl_registration(`fullname`,`username`,`email`,`password`,`birthdate`, `country`) VALUES('{$fullname}', '{$username}', '{$email}', '{$password}', '{$birthdate}', '{$country}' )";
$result=mysql_query($sql);
编辑登录代码:
// userName and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$salt = createSalt();
$hash = hash('sha256', $mypassword);
$mypassword = hash('sha256', $salt . $hash);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1 ){
if(crypt($password, $row['Password']) == $row['Password'])
{
header("location:index.php");
exit();
}
}
else {
//echo "Wrong Username or Password";
header("Location:login.php?errorMssg=".urlencode("Wrong Username or Password"));
}
function createSalt()
{
return '2123293dsj2hu2besdbsjdsd';
}
关于php - 如何使用散列密码后登录页面,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27700797/