我目前正在开发我自己的具有登录和注册功能的用户类。我这样做主要是为了学习体验。现在我遇到了一个我无法解决的问题。我的注册函数如下所示:
public function createUser($username, $email, $password)
{
$password = trim($password);
//Generate users salt
$user_salt = $this->getRandomHash();
//Salt and Hash the password
$password = $user_salt . $password;
$password = $this->hashData($password);
//Create verification code
$code = $this->randomString();
//Commit values to database here.
$created = "INSERT INTO users (username, email, password, user_salt, is_verified, is_active, verification_code) VALUES ('".$username."','".$email."', '".$password."', '".$user_salt."', 0, 1, '".$code."')";
$created = $this->_database->Set($created);
if($created != false){
return true;
}
return false;
}
而 hashData 看起来像这样:
protected function hashData($data)
{
return hash_hmac('sha512', $data, $this->_siteKey);
}
这是我的登录功能:
$password = trim($password);
//Select users row from database base on $email
$selection = "SELECT * FROM users WHERE username='".$username."' LIMIT 1";
$selection = $this->_database->Get($selection);
$row = mysqli_fetch_assoc($selection);
//Salt and hash password for checking
$password = $row['user_salt'] . $password;
$password = $this->hashData($password);
$match = false;
//Check email and password hash match database row
if($username == $row['username'] && $password == $row['password']){
$match = true;
}
现在的问题是密码不匹配,即使我百分百确定我输入正确。我不太确定它为什么会失败,因为我使用相同的盐来散列输入的密码。也许我在这里做错了什么......如果您需要更多代码,请告诉我。否则感谢任何愿意提供帮助的人。