0

我正在制作简单的 perl 脚本,用于使用 Argon2 进行注册/登录以进行加密。(凭据取自 HTML 表单)。用户的创建工作正常,用户名和哈希密码存储在数据库中。问题与提取/身份验证有关。我不确定我是否正确使用了验证。

#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Argon2 qw/argon2id_pass argon2id_verify/;
use CGI::Simple;
use DBI;
sub get_data{
    my ( $user) = @_;
    my $statement = "SELECT USER_HASH FROM LOGIN_DATA WHERE USER_NAME = ?";
    my $driver = "mysql";
    my $database = "USERS";
    my $dsn = "DBI:$driver:database=$database";
    my $dataUsr = "user";
    my $dataPass = "user123";
    my $dbcon = DBI->connect($dsn,$dataUsr,$dataPass) or die  $!;
    my $preState = $dbcon->prepare($statement);
    $preState->execute($user);
    my @row ;
    my $hash_pass;
    while(@row=$preState->fetchrow_array()){
        $hash_pass = $row[0];
    }
    return $hash_pass;
}
sub check_pass{
    my ($user , $pass) = @_;
    my $encoded = get_data($user);
    return argon2id_verify($encoded , $pass);
}  
my $cgi = CGI::Simple->new;
my $username = $cgi->param("username");
my $password = $cgi->param ("password");
check_pass($username , $password)

这是我尝试在终端中运行时出现的错误Use of uninitialized value in subroutine entry at checkUser.cgi line 30. Could not verify argon2id tag: Decoding failed at checkUser.cgi line 30.

4

1 回答 1

2

删除所有 CGI、所有数据库连接并用虚拟值替换输入显示相同的错误消息,所以我的猜测是您没有从数据库中获得结果:

#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Argon2 qw/argon2id_pass argon2id_verify/;
sub check_pass{
    my ($user , $pass) = @_;
    return argon2id_verify(undef, $pass);
}  
check_pass("mytest", "some-test-password-2018")

__END__
Use of uninitialized value in subroutine entry at tmp.pl line 7.
Could not verify argon2id tag: Decoding failed at tmp.pl line 7.

因此,最好的步骤是通过验证您是否确实从数据库中获得了结果来隔离问题。

于 2018-09-29T12:16:58.243 回答