我有一个注册页面,允许用户输入密码。我在注册时对密码进行哈希处理,以便更安全地存储在数据库中。
当用户使用相同的密码登录时,两个哈希不匹配,用户无法登录。
这是我第一次使用哈希,它的行为不像我预期的那样:
这是注册页面上的哈希码:
$salt ="";
function cryptPass($input, $rounds = 9)
{
$salt = "";
$saltChars = array_merge(range('A','Z'), range('a','z'), range('0','9'));
for($i = 0; $i<22; $i++)
{
$salt .=$saltChars[array_rand($saltChars)];
}
return crypt($input, sprintf('$2y$%02d$test$', $rounds) . $salt);
}
$hashedpass = cryptPass($pass1);
echo $hashedpass;
//************Insert all the members's input to the database**************************//
$query = mysql_query("INSERT INTO members(user_name, first_name, last_name, governorate, district, village, birth_date, email_address, specialization, password, salt, registered_date )VALUES('$username', '$firstname', '$lastname', '$governorate', '$district', '$village', '$bdate', '$email', '$specialization', '$hashedpass', '$salt', now())")or die(mysql_error());
我确实加了盐,但它给空了
这是登录页面上的哈希码
function cryptPass($input, $rounds = 9)
{
$salt = "";
$saltChars = array_merge(range('A','Z'), range('a','z'), range('0','9'));
for($i = 0; $i<22; $i++)
{
$salt .=$saltChars[array_rand($saltChars)];
}
return crypt($input, sprintf('$2y$%02d$test$', $rounds) . $salt);
}
$hashedpass = cryptPass($pass);
echo $hashedpass;
$sql=mysql_query( "SELECT user_id, email_address, first_name, user_name FROM members WHERE email_address='$email'AND password= '$hashedpass' LIMIT 1") or die("error in members table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)the hashing password = $2y$09$test$4ZGgCiXdKzgQvuzwu.AxfdWvZadDCE.LD6HCkrK3ZsqJeN7e