使用Tuts Plus Hashing Tutorial它在检查哈希值时不断返回 false。密码绝对没有输入错误'111111'。我做了一个 IF 语句来回显它返回的内容,结果显示为“False”。
插入和选择信息的 PDO 查询都正常工作。
我的注册表单:
$pass_hash = PassHash::hash($_POST['pwd']);
$q = "INSERT INTO Users(password) VALUES (:password);";
$query = $db->prepare($q);
$query->bindParam(":password",$pass_hash);
$results = $query->execute();
$user_id = $db->lastInsertID();
我的登录表格:
<?php
require ("include/PassHash.php");
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare('SELECT * FROM Users WHERE email = :email');
$query->bindParam(":email",$email);
$results = $query->execute();
$total = $query->rowCount();
$row = $query->fetch();
// Returns more than 0 rows (Email found) and checks hash.
if($total>0 && PassHash::check_password($row['password'], $_POST['password'])){
// Correct credentials.
$_SESSION['user_id'] = $row['id'];
$_SESSION['user_email'] = $email;
session_set_cookie_params(24*60*60);
ob_start();
header('Location: /index.php?p=user_account', true);
exit();
ob_end_flush();
} else {
// Incorrect password / email.
}
}
?>
PassHash.php
<?php
class PassHash {
// blowfish
private static $algo = '$2a';
// cost parameter
private static $cost = '$10';
// mainly for internal use
public static function unique_salt() {
return substr(sha1(mt_rand()),0,22);
}
// this will be used to generate a hash
public static function hash($password) {
return crypt($password,
self::$algo .
self::$cost .
'$' . self::unique_salt());
}
// this will be used to compare a password against a hash
public static function check_password($hash, $password) {
$full_salt = substr($hash, 0, 29);
$new_hash = crypt($password, $full_salt);
return ($hash == $new_hash);
}
}
?>
提交表单后,我已经打印了密码和电子邮件,两者都显示了,所以这不是输入错误。