
I recently set up my own dedicated server and installed everything needed to write PHP scripts and so on. But I seem to be running into a problem when I return the encrypted password from the MySQL database, and I don't know whether it has to do with my PHP configuration or my MySQL configuration. Basically what happens is that when I return the encrypted password from the database using PDO, it loses certain characters, so when PHP compares the encrypted password the user entered at login with the one saved in the database, it throws an error.

Here is an example:

The password the user entered, after encryption: “#7��”�����8wŖQE��4YW�6�'��u�

The password returned from the database: ?#7??"?????8w?QE??4YW?6?'??u?

The '�' characters seem to be getting changed to '?' characters :S

I checked the password in PHPMyAdmin to see whether it was missing any characters, but the passwords match, so the problem lies somewhere in between, and I'm not sure whether it relates to the PHP settings or to MySQL.

Here are my scripts:

Hash and salt script (modules.php):

<?php


        /* Initialises the username variable. */
        $username = $_SESSION['username'];

        /* If the user has changed their details then this block of code will make the changes to the database. 
        if(isset($_POST['detailsChanged']) == 1)
        {

            $statement = $conn -> prepare("UPDATE people SET Firstname = :firstname, Surname = :surname, Email = :email WHERE Username = :username ");

            $statement->bindParam(':firstname', $_POST['Firstname'], PDO::PARAM_INT);
            $statement->bindParam(':surname', $_POST['Surname'], PDO::PARAM_INT);
            $statement->bindParam(':email', $_POST['Email'], PDO::PARAM_INT);
            $statement->bindParam(':username', $username, PDO::PARAM_INT);
            $statement->execute();

        }*/

        if(isset($_SESSION["passed"]) == 1)
        {

            /* Bind the username instead of concatenating it into the SQL string,
               so the query is not open to SQL injection. */
            $statement = $conn->prepare("SELECT * FROM people WHERE username = :username");
            $statement->bindParam(':username', $username, PDO::PARAM_STR);

            $statement->execute();  

            $result = $statement->fetch();

            $firstname = $result['Firstname'];
            $surname = $result['Surname'];
            $username2 = $result['Username'];

        }
        function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {

            $hl = strlen(hash($a, '', true)); # Hash length (empty string, not null: null is deprecated in PHP 8.1+)
            $kb = ceil($kl / $hl);              # Key blocks to compute
            $dk = '';                           # Derived key

            # Create key
            for ( $block = 1; $block <= $kb; $block ++ ) {

                # Initial hash for this block
                $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);

                # Perform block iterations
                for ( $i = 1; $i < $c; $i ++ )

                    # XOR each iterate
                    $ib ^= ($b = hash_hmac($a, $b, $p, true));

                $dk .= $ib; # Append iterated block
            }

            # Return derived key of correct length
            return substr($dk, 0, $kl);
        }
?>

PDO initialisation (login and password removed for security reasons) (connection.php):

<?php 

    $login = "*******";
    $password = "********";

    $dsn = "mysql:host=localhost;dbname=wishpiggy";
    $opt = array(
        // any occurring errors will be thrown as PDOException
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // an SQL command to execute when connecting
        PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"
    );

    // The options array has to be passed to the constructor: MYSQL_ATTR_INIT_COMMAND
    // is a connection-time driver option and is not applied by setAttribute() once
    // the connection is already open.
    $conn = new PDO($dsn, $login, $password, $opt);
?>

Login page:

<?php ob_start(); session_start(); include ('sql_connect/connection.php'); include('sql_connect/modules.php');

    //This section of code checks to see if the client is using SSL, if not 
    // if($_SERVER["HTTPS"] != "on")
    // {
    //        header("HTTP/1.1 301 Moved Permanently");   
    //        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    //        exit();
    // }

    //This if statement checks to see if the session variable 'username' is set, and if so it will redirect the user to their profile page.

    if(isset($_SESSION["username"]))
    {
        header("Location: /home/");
        exit(); // stop here so the rest of the page is not processed after the redirect
    }

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Wish Piggy</title>
    <link href="css/styles.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
    <script type="text/javascript" src="js/loginjs.js"></script>
</head>

<body>

    <div class="index_div">
        <div class="logo"><img src="img/wish_piggy.jpg" alt="" />
        </div>
        <div class="text"><span>89% Fulfilled</span>
        </div>
        <div class="bar"><img src="img/wish_piggy_bar.jpg" alt="" />
        </div>
        <div class="text">
            <div class="text_l"><p>1,000,000 People</p>
            </div>
            <div class="text_r"><p>9,000,838 Wishes</p>
            </div>
        </div>
        <div class="sign_in"><a id="show-panel" href="#"></a>
        </div>
    </div>

    <div id="lightbox-panel">
        <form id="loginForm" name="form" action="index.php" method="post" >
            <input name="submitted" type="hidden" value="1" /> 
            <div class="login_label"><img src="img/wish_piggy_login.jpg" alt="" /><a id="open_signin" href="#">SIGN UP HERE</a><p>Login</p><a id="close-panel" href="#"></a>
            </div>
            <div class="login_input"><input name="email" type="text" value="<?php if(isset($_COOKIE['username']) && $_COOKIE['username'] != ""){echo $_COOKIE['username']; $_SESSION["username"] = $_COOKIE['username']; $_SESSION["passed"] = 1; header("Location: /home/");}else{echo "Email";} ?>" onclick="this.value=''" />
            </div>
            <div class="input_label"><span>(e.g. johndoe@email.com)</span>
            </div>
            <div class="login_input"><input name="password" type="password" value="Password" onclick="this.value=''" />
            </div>
            <div class="input_label"><a href="#">Forgot Password</a>
            </div>
            <div class="login_submit">
                <div class="login_checkbox"><input name="remember" type="checkbox" value="" /> <span>Remember me</span>
                </div>
                <div class="login_submit_input"><input name="submit" type="submit" value=""/>
                </div>
            </div>
        </form>
    </div>
    <div id="lightbox"></div>

    <div id="lightbox-panel2">
        <div class="inner_lightbox2"><img src="img/wish_piggy_login.jpg" alt="" /><a id="close-panel2" href="#"></a>
        </div>
        <div class="signup_form">
            <form action="index.php" method="post">   
                <input name="submitted" type="hidden" value="1" /> 
                <div class="signup_form_label"><span>Firstname:</span>
                </div>
                <div class="signup_form_input"><input name="firstname" type="text" />
                </div>
                <div class="signup_form_label"><span>Surname:</span>
                </div>
                <div class="signup_form_input"><input name="surname" type="text" />
                </div>
                <div class="signup_form_label"><span>Email:</span>
                </div>
                <div class="signup_form_input"><input name="email" type="text" />
                </div>
                <div class="signup_form_label"><span>Confirm Email:</span>
                </div>
                <div class="signup_form_input"><input name="emailConfirm" type="text" />
                </div>
                <div class="signup_form_label"><span>Password:</span>
                </div>
                <div class="signup_form_input"><input name="password" type="text" />
                </div>
                <div class="signup_form_label"><span>Confirm Password:</span>
                </div>
                <div class="signup_form_input"><input name="passwordConfirm" type="text" />
                </div>
                <div class="signup_form_label2"><img src="img/wish_piggy_captcha.jpg" alt="" />
                </div>
                <div class="signup_form_input2"><input name="" type="text" />
                </div>
                <div class="signup_form_submit"><input name="" type="button" value="register" />
                </div>
            </form>
        </div>
    </div>
    <?php
        if(isset($_POST["submitted"]))
        {
            echo "caught data!";
            $email = $_POST["email"];
            $password = $_POST["password"];
            if($password == "")
            {
                die ("Your username or password is incorrect.");
            }

            $usernameValidated = 0;

            $statement = $conn->prepare("SELECT password FROM users WHERE email = :name");
            $statement->bindParam(":name", $email);
            $statement->execute();

            $passCompare = $statement->fetch();
            // fetch() returns false when no row matches; treat that as "nothing to compare"
            $storedHash = $passCompare ? $passCompare['password'] : '';
            $passSubmitHashed = pbkdf2($password, "butterScotch", 1000, 32);
            echo $passSubmitHashed;
            echo " || ";
            echo $password;
            // strict, constant-time comparison instead of a loose ==
            if(hash_equals($storedHash, $passSubmitHashed))
            {
                $usernameValidated++;
            }
            echo "hurrdurr || " . $storedHash;
            if($usernameValidated == 0)
            {

                die("Your username or password is incorrect..");

            }

        }
        if(!isset($_POST["submitted"]) || (isset($usernameValidated) && $usernameValidated > 0))
        {
            echo "<style> #text_contents{display: none;}</style>";
        }   

        if(isset($usernameValidated) && $usernameValidated >= 1)
        {
            $_SESSION["username"] = $username;
            $expiry = 60 * 60 * 6 + time();
            setcookie('username', $username, $expiry);
            $_SESSION["passed"] = $_POST["submitted"];

            header("Location: /profile/");
            exit(); // nothing after the redirect should run; the buffer is flushed once at the end of the page
        }
    ?>
    <div id="lightbox2"></div>
    <?php ob_end_flush(); ?>
</body>
</html>

1 Answer


Just encode the password with base64_encode (before saving it and when comparing) :)

Answered 2012-07-24T14:18:51.160
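As an added example (not code from the question or the answer), the fix the answer suggests written out end to end: derive the raw key, base64-encode it for storage, decode and compare on login. It uses PHP's built-in hash_pbkdf2() (PHP 5.5+) and hash_equals() (PHP 5.6+) in place of the hand-rolled function and the loose == comparison; the salt and iteration count are the question's own, and the sample password is constructed.

```php
<?php
// Added example, not code from the question or the answer.
// Shows why the raw PBKDF2 output breaks in a text column and the fix the
// answer proposes: base64-encode before saving, decode when comparing.

// Raw 32-byte derived key with the same parameters as the question's
// pbkdf2($password, "butterScotch", 1000, 32) call. The fixed salt is kept
// only for comparability with the question; in production the salt should be
// random and stored per user.
function deriveRaw(string $password, string $salt = 'butterScotch', int $iterations = 1000): string
{
    return hash_pbkdf2('sha256', $password, $salt, $iterations, 32, true);
}

// A utf8 connection/column cannot carry arbitrary bytes: sequences that are
// not valid in the character set get replaced, which is why the question sees
// '?' coming back. A 32-byte key is almost never valid UTF-8.
function survivesTextColumn(string $value): bool
{
    return mb_check_encoding($value, 'UTF-8');
}

// Storage form: base64 is pure ASCII, so it survives any charset conversion
// (a VARBINARY/BLOB column would be the other correct option).
function encodeForStorage(string $rawKey): string
{
    return base64_encode($rawKey);
}

// Verification: decode the stored value (strict mode rejects corrupted data),
// then compare in constant time rather than with ==.
function verifyPassword(string $submitted, string $storedBase64): bool
{
    $stored = base64_decode($storedBase64, true);
    if ($stored === false || strlen($stored) !== 32) {
        return false; // corrupted or tampered record
    }
    return hash_equals($stored, deriveRaw($submitted));
}

// Constructed sample password for the demo.
$raw    = deriveRaw('correct horse');
$stored = encodeForStorage($raw);

var_dump(survivesTextColumn($raw));                  // the raw key bytes
var_dump(survivesTextColumn($stored));               // the base64 form
var_dump(verifyPassword('correct horse', $stored));  // matching password
var_dump(verifyPassword('wrong password', $stored)); // non-matching password
```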