【发布时间】:2011-01-01 03:16:27
【问题描述】:
我正在用这个把头发拉出来。我将哈希加盐密码和相关的盐存储在 MySQL 数据库中。它用于登录脚本。存储数据工作正常,数据以 CHAR(128) 类型存储在数据库中。
但是,当我无法成功地将密码字符串与登录表单中的散列登录密码匹配时。我已将所有内容简化为基本内容,即使输出(echo 或 var_dump)看起来相同,它仍然不匹配。
这里是注册码sn-p:
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$salt = uniqid(mt_rand());
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$email=$_POST['email'];
$sql="INSERT INTO users (uName,uPass2,uEmail,uSalt,uID)
VALUES ('$username','$hashPass','$email', '$salt', 'time()')";
mysql_query($sql) or die('Error, insert query failed');
这里是登录sn-p:
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$query = "SELECT uID, uPass2, uSalt, uName FROM users WHERE uName = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{ echo 'Wrong username and/or password!';
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$salt=$userData['uSalt'];
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$tempData=strcmp($hashpass, $userData['uPass2']);
if(hashPass != $userData['uPass2']){
echo "password not correct:<br/>";
echo "db: " . var_dump($userData['uPass2']) . "<br />";
echo "in: " . var_dump($hashPass) . "<br />;
echo $tempData . "<BR />";
}else{
echo "logged in";
}
登录结果:
password not correct:
string(128) "98f713244f3d97e8629222f8d37e3cad38c5c1e2fbf011c135723f36b7841ef29785b1866ac6dbab9cd044b12db8e4d16a4c68df1e3d7b8f4a27a8c3d4c9bca5" db:
string(128) "98f713244f3d97e8629222f8d37e3cad38c5c1e2fbf011c135723f36b7841ef29785b1866ac6dbab9cd044b12db8e4d16a4c68df1e3d7b8f4a27a8c3d4c9bca5" in:
-128
【问题讨论】: