1

因此,我使用与前一段时间完全相同的脚本,并且由于某种原因,当我移至新域并托管它时遇到了非常奇怪的问题,我创建了一个用户并让 hm 尝试登录,它对他不起作用我用这个 php 从一个随机的 test.php 文件中得到了一个新的哈希值:

<?php
/**
 * In this case, we want to increase the default cost for BCRYPT to 12.
 * Note that we also switched to BCRYPT, which will always be 60 characters.
 */
$options = [
    'cost' => 9,
];
echo password_hash("His Pass", PASSWORD_BCRYPT, $options)."\n";
?>

然后它工作了,他登录正常,然后我尝试登录到我的主管理员帐户,由于某种原因,即使我现在尝试重新制作哈希 2 次,它现在也无法正常工作。

我不知道发生了什么,有人可以启发我。

下面是登录代码:

//If User Submits Form continue;
if(isset($_POST['username'])) {

    //If the captcha wasn't submitted;
    if(empty($_POST['g-recaptcha-response'])) {

        //And theres already a try with there IP;
        if($trycount != '0') {

            //Increment there try count and give a notification;
            updateTries(); ?>
            <script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php

        //If there isn't a try on there IP yet;
        } else {

            //Add one try and give a notification;
            addTry(); ?>
            <script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php

        }

    //If the captcha was submitted;
    } else {

        //Set captcha variable to the Submitted Captcha Response;
        $captcha=$_POST['g-recaptcha-response'];

        //Captcha Verification Url;
        $url = 'https://www.google.com/recaptcha/api/siteverify?secret=t&response=';

        //JSON Encode the Captcha's response and Site IP;
        $response = json_decode(file_get_contents($url.urlencode($captcha).'&remoteip='.$_SERVER['REMOTE_ADDR']), true);

        //If the captcha wasn't verified;
        if($response['success'] == false) {

            //And theres already a try with there IP;
            if($trycount != '0') {

                //Increment there try count and give a notification;
                updateTries(); ?>
                <script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php

            //If there isn't a try on there IP yet;
            } else {

                //Add one try and give a notification;
                addTry(); ?>
                <script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php

            }

        //Otherwise if it was verified;
        } else {

            //Try log in with the given details;
            user_login($_POST['username'],$_POST['password']);

            //If logged in redirect and give a notification;        
            if(loggedin()) { ?>
                <script type="text/javascript">localStorage.setItem("notification", "loggedin");</script>
                <meta http-equiv="refresh" content="0;URL='https://gameshare.io'" /> <?php
            } else {

                //And theres already a try with there IP;
                if($trycount != '0') {

                    //Increment there try count and give a notification;
                    updateTries(); ?>
                    <script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php

                //If there isn't a try on there IP yet;
                } else {

                    //Add one try and give a notification;
                    addTry(); ?>
                    <script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php

                }

            }

        }

    }

}

用户登录功能:

//Create a new function named user_login;
function user_login($username = false, $password = false) {

    //Fetch for the username and password applied;
    $st = fetch("SELECT username,password,email,image FROM users WHERE username = :username",array(":username"=>$username));

    //If a row was found continue
    if($st != 0) {

        $storedhash = $st[0]['password'];

        if (password_verify($password, $storedhash)) {

            //Set a new username session and set it the username;
            $_SESSION['username'] = $username;
            $_SESSION['email'] = $st[0]['email'];
            $_SESSION['image'] = $st[0]['image'];

            if($username == 'admin') {
                $_SESSION['role'] = 'admin';
            } else {
                $_SESSION['role'] = 'user';
            }

        }

    }

    //If no errors happened Make the $valid true;
    return true;

    $dontaddtry = true;

}

抓取功能:

//Create a new function named fetch;
function fetch($sql = false,$bind = false,$obj = false) {

    //Prepare The SQL Query;
    $query = Connect()->prepare($sql);

    //Execute Binded Query;
    $query->execute($bind);

    //While Fetching Results;
    while($result = $query->fetch(PDO::FETCH_ASSOC)) {

        //Add a row to the results respectiveley;
        $row[] = $result;

    }

    //If there are no rows;
    if(!empty($row)) {

        //Make it an object;
        $row = ($obj)? (object) $row : $row;
    } else {

        //Else row is false;
        $row = false;
    }

    //If no errors happened Make $row true;
    return $row;

}

连接功能:

//Create a new function named LoggedIn, And apply database info;
function Connect($host = 'localhost',$username = 'x',$password = 'x',$dbname = 'x') {

    //Try execute the PHP with no errors;
    try {

        //Create a PDO Session;
        $con = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);

        //Session Attributes;
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    }

    //Catch all PDOException errors;
    catch (PDOException $e) {

        //If any errors print result;
        echo "<code><pre>".print_r($e)."</pre></code>";

        //Make the PDO session false;
        $con = false;
    }

    //If no errors happened Make the PDO session true;
    return $con;
}

PS如果您想在我的网站上尝试获得一个帐户,请告诉我,我会创建一个临时帐户。

4

1 回答 1

0

确保您的新主机的 php 版本。password_hash至少需要PHP 5.5.0

您可以通过以下代码检查您当前的 PHP 版本。

<?php
    echo 'Current PHP version: ' . phpversion();
?>
于 2015-11-20T02:08:36.663 回答