-2

现在,这不是“请为我调试我的 codez”问题。我已经花了......我什至不想考虑尝试解决这个问题需要多长时间。

我的问题是我正在执行这个 php 页面,理想情况下,它检查一个字符串并将其转换为更安全的格式,因为这个页面用于存储帐户的密码。

下面这段代码的目标是在每个字符处重复对字符串进行切片,然后将其评估为我的密钥。它对整个字符串长度执行此操作。返回给我的是“0”。我不知道系统是如何获得这个值的。

也许我使用错误的 substr() 函数?此外,我对解析字符串的完全不同的方法持开放态度,例如使用 RegExp。谢谢你们的帮助,伙计们!

代码:

<?php
error_reporting(0);
#region Initial
$accstr = "apple";
$accn = "scourge";
//Key
$a[0] = "#"; //These variables are for conversion; indexes of this array correspond to those
$a[1] = "!"; //of the other array ($ind)
$a[2] = "@";
$a[3] = "%$";
$a[4] = "%";
$a[5] = "!@";
$a[6] = "&*";
$a[7] = "^";
$a[8] = "##";
$a[9] = "&^";
$a[10] = "&";
$a[11] = "%~";
$a[12] = "!%";
$a[13] = "!$";
$a[14] = "*#";
$a[15] = "#*";
$a[16] = "~";
$a[17] = "~&";
$a[18] = "``";
$a[19] = "/^";
$a[20] = "%`";
$a[21] = "~~";
$a[22] = "`~";
$a[23] = "%%";
$a[24] = "~!";
$a[25] = "~#";
$a[26] = "``#";
$a[27] = "``!";
$a[28] = "``@";
$a[29] = "``%$";
$a[30] = "``%";
$a[31] = "``!@";
$a[32] = "``&*";
$a[33] = "``^";
$a[34] = "``##";
$a[35] = "``&^";
$a[36] = "&&^#";
$a[37] = "~@!";
$a[38] = "!@&@";
$a[39] = "%~~$";
$a[40] = "%`%";
$a[41] = "!^~@";
$a[42] = "&#$*";
$a[43] = "^**&";
$a[44] = "#%#`";
$a[45] = "&``!@^";
$a[46] = "&**~&";
$a[47] = "%|~";
$a[48] = "!-|~%";
$a[49] = "!$~";
$a[50] = "*/#";
$a[51] = "#%*";
$a[52] = "|~";

$ind[0] = "a";//These are used to tell what's being looked at in the string
$ind[1] = "b";
$ind[2] = "c";
$ind[3] = "d";
$ind[4] = "e";
$ind[5] = "f";
$ind[6] = "g";
$ind[7] = "h";
$ind[8] = "i";
$ind[9] = "j";
$ind[10] = "k";
$ind[11] = "l";
$ind[12] = "m";
$ind[13] = "n";
$ind[14] = "o";
$ind[15] = "p";
$ind[16] = "q";
$ind[17] = "r";
$ind[18] = "s";
$ind[19] = "t";
$ind[20] = "u";
$ind[21] = "v";
$ind[22] = "w";
$ind[23] = "x";
$ind[24] = "y";
$ind[25] = "z";
$ind[26] = "0";
$ind[27] = "1";
$ind[28] = "2";
$ind[29] = "3";
$ind[30] = "4";
$ind[31] = "5";
$ind[32] = "6";
$ind[33] = "7";
$ind[34] = "8";
$ind[35] = "9";
$ind[36] = "~";
$ind[37] = "!";
$ind[38] = "@";
$ind[39] = "#";
$ind[40] = "$";
$ind[41] = "%";
$ind[42] = "^";
$ind[43] = "&";
$ind[44] = "*";
$ind[45] = "(";
$ind[46] = ")";
$ind[47] = "_";
$ind[48] = "+";
$ind[49] = "`";
$ind[50] = "-";
$ind[51] = "=";
$ind[52] = "?";

$xml = new DOMDocument('1.0', 'utf-8');
$xml->formatOutput = true;
$xml->preserveWhiteSpace = false;
$xml->load('pwDB.xml');
$finln = "";
#endregion

#region Create coded password
$pwlen = strlen($accstr);
for($cnter=1;$cnter<=$pwlen;$cnter++)
    {
        $a1 = substr($accstr,$cnter,1);
        for($cnter2=1;$cnter2<=52;$cnter2++)
            {
                if($a1==$ind[$cnter2])
                    {
                        $finln += $a[$cnter2];
                    }
            }
    }
#endregion

#region Send finln
$newpw = $xml->createElement($accn);
$newpw->appendChild($xml->createElement('password', $finln));
$xml->getElementsByTagName('cache')->item(0)->appendChild($newpw);
file_put_contents("pwDB.xml",$xml->saveXML());
print $finln;
#endregion
?>
4

1 回答 1

1

所以典型的密码散列是一种方式——如果你需要两种方式,那么你谈论的是不同的加密。

通常为了散列你会做下面的事情,虽然我敦促不要逐字逐句而是自己研究一些,所以oyu了解你在做什么以及所涉及的概念:

$xml = new DOMDocument('1.0', 'utf-8');
$xml->formatOutput = true;
$xml->preserveWhiteSpace = false;
$xml->load('pwDB.xml');

$account = 'someuser';
$password = 'passw0rd';

// your salt can be a constant that you never change, or can be user specific
// if you make it user specific then you need to store it as well as the password
$salt = "1j0i90@$t%";

$hash = hash('sha256', $password . $salt);

$acct = $xml->createElement($account);
$pw = $xml->createElement('password', $salt);
$acct->appendChild($pw);

$xml->appendChild($acct);

file_put_contents("pwDB.xml",$xml->saveXML());

然后比较像登录一样的凭据,你会这样做:

    $xml = new DOMDocument('1.0', 'utf-8');
    $xml->formatOutput = true;
    $xml->preserveWhiteSpace = false;
    $xml->load('pwDB.xml');

    $account = 'someuser';
    $password = 'passw0rd';
    $salt = "1j0i90@$t%";

    $hash = hash('sha256', $password . $salt);
    $xpath = new DOMXPath($xml);

   // look up by account name - assuming these are unique
   $accountNodes = $xpath->query('//'.$account);
   if($accountNodes->length) {
      $accountNode = $accountNodes->item(0);
      $pwNodes = $xpath->query('//password', $accountNode);
      if($pwNodes->length) {
         $pwNode = $pwNodes->item(0);
         if($hash === (string) $pwNode) {
             // authentication OK!
         } 
      }
   }
于 2012-06-26T19:48:42.810 回答