I recently set up my own dedicated server and installed everything needed to write PHP scripts and so on. But when I return the encrypted password from the MySQL database I seem to run into a problem, and I don't know whether it is related to my PHP configuration or to my MySQL configuration. Basically what happens is that when I return the encrypted password from the database using PDO, it loses certain characters, so when PHP compares the encrypted password the user typed at login with the one saved in the database, it throws an error.
Here is an example:
The user's entered password after encryption: "#7��"�����8wŖQE��4YW�6�'��u�
The password returned from the database: ?#7??"?????8w?QE??4YW?6?'??u?
The '�' characters seem to be getting changed into '?' characters :S
I checked the password in phpMyAdmin to see whether it was missing any characters, but the passwords match, so the problem lies somewhere in between, and I'm not sure whether it is related to the PHP settings or to MySQL.
Here are my scripts:
Hash and salt script (modules.php):
<?php
/* Initialises the username variable (empty string when no session value exists yet). */
$username = $_SESSION['username'] ?? '';
/* If the user has changed their details then this block of code will make the changes to the database.
if(isset($_POST['detailsChanged']) == 1)
{
    $statement = $conn->prepare("UPDATE people SET Firstname = :firstname, Surname = :surname, Email = :email WHERE Username = :username");
    $statement->bindParam(':firstname', $_POST['Firstname'], PDO::PARAM_STR);
    $statement->bindParam(':surname', $_POST['Surname'], PDO::PARAM_STR);
    $statement->bindParam(':email', $_POST['Email'], PDO::PARAM_STR);
    $statement->bindParam(':username', $username, PDO::PARAM_STR);
    $statement->execute();
}*/
if(isset($_SESSION["passed"]) == 1)
{
    /* Bind the username as a parameter instead of concatenating it into the SQL string. */
    $statement = $conn->prepare("SELECT * FROM people WHERE username = :username");
    $statement->bindParam(':username', $username, PDO::PARAM_STR);
    $statement->execute();
    $result = $statement->fetch();
    $firstname = $result['Firstname'];
    $surname = $result['Surname'];
    $username2 = $result['Username'];
}
/* PBKDF2: password $p, salt $s, iteration count $c, key length $kl in bytes, hash algorithm $a. Returns raw binary. */
function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {
    $hl = strlen(hash($a, '', true)); # Hash length in bytes
    $kb = ceil($kl / $hl);            # Key blocks to compute
    $dk = '';                         # Derived key
    # Create key
    for ( $block = 1; $block <= $kb; $block ++ ) {
        # Initial hash for this block
        $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
        # Perform block iterations
        for ( $i = 1; $i < $c; $i ++ ) {
            # XOR each iterate
            $ib ^= ($b = hash_hmac($a, $b, $p, true));
        }
        $dk .= $ib; # Append iterated block
    }
    # Return derived key of correct length
    return substr($dk, 0, $kl);
}
?>
PDO initialisation (login name and password removed for security reasons) (connection.php):
<?php
$login = "*******";
$password = "********";
$dsn = "mysql:host=localhost;dbname=wishpiggy";
$opt = array(
    // any occurring errors will be thrown as PDOException
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // an SQL command to execute when connecting
    PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"
);
// The options array must be passed to the constructor: MYSQL_ATTR_INIT_COMMAND
// has no effect when set with setAttribute() after the connection is already open.
$conn = new PDO($dsn, $login, $password, $opt);
?>
Login page:
<?php
ob_start();
session_start();
include('sql_connect/connection.php');
include('sql_connect/modules.php');
//This section of code checks to see if the client is using SSL, if not
// if($_SERVER["HTTPS"] != "on")
// {
//     header("HTTP/1.1 301 Moved Permanently");
//     header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
//     exit();
// }
//This if statement checks to see if the session variable 'username' is set, and if so it will redirect the user to their profile page.
if(isset($_SESSION["username"]))
{
    header("Location: /home/");
    exit(); // stop rendering the login page once the redirect header is sent
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Wish Piggy</title>
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<script type="text/javascript" src="js/loginjs.js"></script>
</head>
<body>
<div class="index_div">
<div class="logo"><img src="img/wish_piggy.jpg" alt="" />
</div>
<div class="text"><span>89% Fulfilled</span>
</div>
<div class="bar"><img src="img/wish_piggy_bar.jpg" alt="" />
</div>
<div class="text">
<div class="text_l"><p>1,000,000 People</p>
</div>
<div class="text_r"><p>9,000,838 Wishes</p>
</div>
</div>
<div class="sign_in"><a id="show-panel" href="#"></a>
</div>
</div>
<div id="lightbox-panel">
<form id="loginForm" name="form" action="index.php" method="post" >
<input name="submitted" type="hidden" value="1" />
<div class="login_label"><img src="img/wish_piggy_login.jpg" alt="" /><a id="open_signin" href="#">SIGN UP HERE</a><p>Login</p><a id="close-panel" href="#"></a>
</div>
<div class="login_input"><input name="email" type="text" value="<?php if(isset($_COOKIE['username']) && $_COOKIE['username'] != ""){echo $_COOKIE['username']; $_SESSION["username"] = $_COOKIE['username']; $_SESSION["passed"] = 1; header("Location: /home/");}else{echo "Email";} ?>" onclick="this.value=''" />
</div>
<div class="input_label"><span>(e.g. johndoe@email.com)</span>
</div>
<div class="login_input"><input name="password" type="password" value="Password" onclick="this.value=''" />
</div>
<div class="input_label"><a href="#">Forgot Password</a>
</div>
<div class="login_submit">
<div class="login_checkbox"><input name="remember" type="checkbox" value="" /> <span>Remember me</span>
</div>
<div class="login_submit_input"><input name="submit" type="submit" value=""/>
</div>
</div>
</form>
</div>
<div id="lightbox"></div>
<div id="lightbox-panel2">
<div class="inner_lightbox2"><img src="img/wish_piggy_login.jpg" alt="" /><a id="close-panel2" href="#"></a>
</div>
<div class="signup_form">
<form action="index.php" method="post">
<input name="submitted" type="hidden" value="1" />
<div class="signup_form_label"><span>Firstname:</span>
</div>
<div class="signup_form_input"><input name="firstname" type="text" />
</div>
<div class="signup_form_label"><span>Surname:</span>
</div>
<div class="signup_form_input"><input name="surname" type="text" />
</div>
<div class="signup_form_label"><span>Email:</span>
</div>
<div class="signup_form_input"><input name="email" type="text" />
</div>
<div class="signup_form_label"><span>Confirm Email:</span>
</div>
<div class="signup_form_input"><input name="emailConfirm" type="text" />
</div>
<div class="signup_form_label"><span>Password:</span>
</div>
<div class="signup_form_input"><input name="password" type="text" />
</div>
<div class="signup_form_label"><span>Confirm Password:</span>
</div>
<div class="signup_form_input"><input name="passwordConfirm" type="text" />
</div>
<div class="signup_form_label2"><img src="img/wish_piggy_captcha.jpg" alt="" />
</div>
<div class="signup_form_input2"><input name="" type="text" />
</div>
<div class="signup_form_submit"><input name="" type="button" value="register" />
</div>
</form>
</div>
</div>
<?php
if(isset($_POST["submitted"]) == 1)
{
    echo "caught data!"; // debug output
    $email = $_POST["email"];
    $password = $_POST["password"];
    if($password == "")
    {
        die ("Your username or password is incorrect.");
    }
    $usernameValidated = 0;
    $statement = $conn->prepare("SELECT password FROM users WHERE email = :name");
    $statement->bindParam(":name", $email);
    $statement->execute();
    $passCompare = $statement->fetch();
    $passSubmitHashed = pbkdf2($password, "butterScotch", 1000, 32);
    // debug output
    echo $passSubmitHashed;
    echo " || ";
    echo $password;
    // fetch() returns false when no row matched; compare the hashes in constant time rather than with ==
    if($passCompare !== false && hash_equals((string) $passCompare['password'], $passSubmitHashed))
    {
        $usernameValidated++;
    }
    echo "hurrdurr || " . ($passCompare['password'] ?? ''); // debug output
    if($usernameValidated == 0)
    {
        die("Your username or password is incorrect..");
    }
}
if(!isset($_POST["submitted"]) || (isset($usernameValidated) && $usernameValidated > 0))
{
    echo "<style> #text_contents{display: none;}</style>";
}
if(isset($usernameValidated) && $usernameValidated >= 1)
{
    // The 'username' cookie is echoed back into the email field above, so the submitted email is the username.
    $_SESSION["username"] = $email;
    $expiry = 60 * 60 * 6 + time();
    setcookie('username', $email, $expiry);
    $_SESSION["passed"] = $_POST["submitted"];
    header("Location: /profile/");
    exit();
}
?>
<div id="lightbox2"></div>
<?php ob_end_flush(); // the output buffer is ended once, here ?>
</body>
</html>
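The pbkdf2() function above returns raw binary, which is not valid UTF-8, so a `SET NAMES utf8` text connection substitutes the unrepresentable bytes. The following is an added example (not code from the original post) that reproduces that mangling with the post's own PBKDF2 parameters and salt and shows that a hex-encoded key survives the round trip; the helper names deriveRaw and coerceToUtf8 and the sample password are constructed, and it assumes PHP 7.2+ with the mbstring extension.

```php
<?php
// Added example, not from the original post: why raw PBKDF2 bytes get
// mangled in a UTF-8 text column, and how hex-encoding them avoids it.
// Assumes PHP 7.2+ with mbstring; helper names and password are constructed.

function deriveRaw(string $password, string $salt): string
{
    // Same parameters as the post: SHA-256, 1000 iterations, 32-byte raw key.
    return hash_pbkdf2('sha256', $password, $salt, 1000, 32, true);
}

// Simulate a text channel that cannot carry invalid UTF-8: MySQL replaces
// bytes it cannot represent with '?', which is the symptom in the post.
function coerceToUtf8(string $bytes): string
{
    mb_substitute_character(0x3F); // substitute '?' for invalid sequences
    return mb_convert_encoding($bytes, 'UTF-8', 'UTF-8');
}

$salt = 'butterScotch';              // fixed salt from the post; use a per-user random salt in practice
$raw  = deriveRaw('hunter2', $salt); // constructed sample password

$mangled = coerceToUtf8($raw);
printf("raw key is valid UTF-8:   %s\n", mb_check_encoding($raw, 'UTF-8') ? 'yes' : 'no');
printf("raw key (hex):            %s\n", bin2hex($raw));
printf("after UTF-8 coercion:     %s\n", bin2hex($mangled));
printf("raw equals coerced:       %s\n", hash_equals($raw, $mangled) ? 'yes' : 'no');

// Safe storage: encode before writing to a VARCHAR column and compare the
// encoded form with a constant-time comparison instead of ==.
$stored = bin2hex($raw);                        // 64 ASCII characters, survives any charset
$check  = bin2hex(deriveRaw('hunter2', $salt)); // recomputed at login
printf("hex form round-trips:     %s\n", hash_equals($stored, $check) ? 'yes' : 'no');
```

The alternative is to keep the raw bytes and declare the column BINARY(32) so no charset conversion is applied; either way, compare with hash_equals() rather than ==.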