0

嗨,我目前正在尝试将我正在制作的 java 应用程序链接到我拥有的网站。基本上我希望在网站上创建的帐户可以在 java 应用程序上访问。在我的登录页面上,我有一段代码可以提取保存在 sql 数据库中的部分密码。这里是:

    $username = $_POST['username']; //gets the username that is posted from the login page
$password = hash(sha256, md5(sha1($_POST['password']))); //encrypts the password posted from the login page

//get the requested user's password
$details = $database->processQuery("SELECT `password` FROM `users` WHERE `username` = ?", array($username), true); //gets the password from the sql database
$db_password = substr(substr($details[0]['password'], 54), 0, -3); //extracts characters from the saved password from 54 to -3 from the end

在注册页面我有这个:

        //generate a salt
    $salt = substr(hash(sha256, sha1(time())), 10);
    $password = $salt.hash(sha256, md5(sha1($_POST['password']))).substr($salt, 0, -51);

    $_SESSION['salt'] = $salt;
    $_SESSION['password'] = $password;
    $base->redirect('done.php');

我相信这会在当时生成的密码之前添加盐。所以我只需要提取密码,显然在登录页面中,它可以通过将密码从 54 开始并在结束前 3 个字符结束来完成此操作。我制作了一个密码器来加密用户在 java 应用程序中输入的密码(sha1 > md5 > sha254),然后我尝试匹配密码。我用了:

substring(54, pass.length()-3)

这与我在网站“d1ck30ng1”上输入的随机生成的密码完美配合。但是,当我使用密码“test123”创建另一个帐户时,我在与它匹配的密码之前得到一个额外的字符,这是一个示例:

d1ck30ng1:
Password that is read from the database before parts are removed:
5a3a59efb7d2085d12a2fe5298a7795c85b99dc7b3bcabc60d9e4c6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf5a3

Password that is entered in the application:
6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf

Password that is read from the database after the parts are removed:
6469fe4370d1bd7f2b4ff0151698e3911a97f326f1fc1409a8d5430e7d283cbf

matches perfectly

test123: 
Password that is read from the database before parts are removed:
fb1c94c4ab1b104badff98261269856aca8d34575c7114124aebbd068dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24bfb1

Password that is entered in the application:
68dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24b

Password that is read from the database after parts are removed
068dc28e9d998bee17cdb25f5b1501710d4a629ad37f762478eeb01f465bc24b

does not match!

所以我的问题是......我怎样才能让它工作,为什么它不工作:) 提前谢谢你!哦,顺便说一句,我是新来的,所以如果我没有在这篇文章中提供足够的细节或者在发布时做错了什么,我很抱歉。

4

0 回答 0