
I am trying to verify a password against the password stored in the database, but it doesn't work. Please look at my code and let me know what is wrong.

Code used to store the username and password in the database:

<?php

echo "enter the username \n";
$username = trim(fgets(STDIN));

echo "enter the password\n";
$password = trim(fgets(STDIN));

// connecting to database
$con = mysqli_connect("localhost", "sqldata", "sqldata", "accounts");
// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    exit(1);
}

$salt = substr(sha1(mt_rand()), 0, 22);
$hashedPassword = crypt($password, '$2y$10$' . $salt);
echo $hashedPassword;

// escape the username before it is placed inside the query text
$username = mysqli_real_escape_string($con, $username);
mysqli_query($con, "INSERT INTO login (username, password)
                    VALUES ('$username', '$hashedPassword')");

mysqli_close($con);

?>

The code for verifying the password is as follows:

<?php

echo "enter the username \n";
$username = trim(fgets(STDIN));

echo "enter the password\n";
$password = trim(fgets(STDIN));

// connecting to database
$db = mysql_connect("localhost", "sqldata", "sqldata") or die(mysql_error());

// selecting our database
$db_select = mysql_select_db("accounts", $db) or die(mysql_error());

// escape the username before it is placed inside the query text
$safeUsername = mysql_real_escape_string($username, $db);
$result = mysql_query("select * from login where username = '$safeUsername'");

// mysql_query() only returns false on error; an empty result set is still a resource
if (!$result || mysql_num_rows($result) == 0) exit("$username wasn't found in the database!");
$row = mysql_fetch_array($result);

$storedPassword = $row['password'];

$salt = substr(sha1(mt_rand()), 0, 22);
$hashedPassword = crypt($password, '$2y$10$' . $salt);

if (crypt($hashedPassword) == $storedPassword) {
    echo "ok";
} else {
    echo "error";
}
?>

2 Answers


This is simpler than you think. The crypt format is a bit clever: it includes the salt at the start of the encrypted password, in the form (method)(salt)(hash).

When you call crypt(), it only looks at (method)(salt) and uses those to return (method)(salt)(hash), so to verify a password you just pass the encrypted password in as the salt and see whether the result matches. That is,

crypt($testPassword, $hashedPassword) === $hashedPassword

answered 2013-05-17T16:09:46.497
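The verification pattern this answer describes, written out as an added example (it is not code from the question or from either answer). The table and column names (login, username, password) and the connection parameters are taken from the question; the function names hashPassword, verifyPassword and lookupStoredHash, the CHECK_DB environment switch, and the sample password are my own, and the block assumes PHP 7.1 or later.

```php
<?php
// Added example: verify a bcrypt crypt() hash by feeding the stored hash back
// in as the salt. The stored string already carries "$2y$10$" + 22 salt chars,
// so no salt needs to be regenerated or stored separately.

// Registration side: returns a 60-character "$2y$10$<salt><hash>" string.
function hashPassword(string $password): string
{
    // The 22 salt characters must come from the bcrypt alphabet [./A-Za-z0-9].
    // Hex digits are a subset of that alphabet, as in the question's sha1() salt;
    // random_bytes() is a CSPRNG, unlike mt_rand().
    $salt = substr(bin2hex(random_bytes(16)), 0, 22);
    $hash = crypt($password, '$2y$10$' . $salt);
    // crypt() signals failure with a short string such as "*0"; bcrypt output is 60 chars.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Verification side: crypt() reads the method and salt from the prefix of the
// stored hash and recomputes the same hash for the correct password.
function verifyPassword(string $candidate, string $storedHash): bool
{
    $recomputed = crypt($candidate, $storedHash);
    // hash_equals() compares in constant time, so == on the strings is avoided.
    return hash_equals($storedHash, $recomputed);
}

// Look the user up with a bound parameter so the username is never spliced
// into the SQL text (contrast the interpolated query in the question).
function lookupStoredHash(mysqli $con, string $username): ?string
{
    $stmt = $con->prepare('SELECT password FROM login WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $storedHash : null;
}

// Self-check that needs no database: a constructed sample password.
$stored = hashPassword('correct horse');
assert(verifyPassword('correct horse', $stored) === true);
assert(verifyPassword('wrong horse', $stored) === false);
// A second hash of the same password gets a different salt but still verifies.
assert(verifyPassword('correct horse', hashPassword('correct horse')) === true);
echo "self-check passed\n";

// Optional interactive check against the question's "accounts" database
// (assumed: run with CHECK_DB=1 on the command line).
if (PHP_SAPI === 'cli' && getenv('CHECK_DB')) {
    $con = mysqli_connect('localhost', 'sqldata', 'sqldata', 'accounts');
    if (!$con) {
        exit('Failed to connect to MySQL: ' . mysqli_connect_error() . "\n");
    }
    echo "enter the username\n";
    $username = trim(fgets(STDIN));
    echo "enter the password\n";
    $password = trim(fgets(STDIN));

    $storedHash = lookupStoredHash($con, $username);
    mysqli_close($con);
    // Same message for unknown user and wrong password, so the response does
    // not reveal which usernames exist.
    echo ($storedHash !== null && verifyPassword($password, $storedHash)) ? "ok\n" : "error\n";
}
```

On PHP 5.5 and later the same thing is available as password_hash($password, PASSWORD_BCRYPT) and password_verify($candidate, $storedHash), which wrap exactly this crypt() round trip plus the salt generation and the constant-time comparison.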

When you save the password to the database you are using:

$hashedPassword= crypt($password , '$2y$10$' . $salt);

But when you retrieve the password and check it, I found a few mistakes:

$storedPassword = $row['password'];

$salt = substr(sha1(mt_rand()),0,22);

$hashedPassword= crypt($password , '$2y$10$' . $salt);

if (crypt($hashedPassword) == $storedPassword){/*...*/}

1. It shouldn't be:

$hashedPassword= crypt($password, '$2y$10$' . $salt);

$hashedPassword= crypt($storedPassword, '$2y$10$' . $salt);

2. You seem to be using crypt twice:

$hashedPassword= crypt($password , '$2y$10$' . $salt);
if (crypt($hashedPassword) == $storedPassword)

So shouldn't it just be:

$hashedPassword= crypt($storedPassword, '$2y$10$' . $salt);
if ($hashedPassword == $storedPassword){/*...*/}

answered 2013-05-17T01:53:43.430