gpt4 book ai didi

php - 散列/加盐时密码不匹配

转载 作者:行者123 更新时间:2023-11-29 00:43:12 25 4
gpt4 key购买 nike

好的,所以下面的所有代码都不是我自己的。我一直在关注 Internet 上的教程,但是当我尝试运行它时,似乎没有匹配的密码。我认为加盐密码可能存在错误,因为数据库中的内容与 login.php 脚本中描述的 64 个字符相去甚远。我不知道。代码如下:

register.php

// Create a 256 bit (64 characters) long random salt
// Let's add 'something random' and the username
// to the salt as well for added security
$salt = hash('sha256', uniqid(mt_rand(), true) . 'something random' . strtolower($username));

// Prefix the password with the salt
$hash = $salt . $password;

// Hash the salted password a bunch of times
for ( $i = 0; $i < 100000; $i ++ )
{
$hash = hash('sha256', $hash);
}

// Prefix the hash with the salt so we can find it back later
$hash = $salt . $hash;

// carry on with registration code...

登录.php

$email = $_POST['email'];
$password = $_POST['password'];

$con = mysql_connect("localhost", "redacted", "redacted", "redacted");

$sql = '
SELECT
`password`
FROM `users`
WHERE `email` = "' . mysql_real_escape_string($email) . '"
LIMIT 1
;';

$r = mysql_fetch_assoc(mysql_query($sql));

// The first 64 characters of the hash is the salt
$salt = substr($r['password'], 0, 64);

$hash = $salt . $password;

// Hash the password as we did before
for ( $i = 0; $i < 100000; $i ++ )
{
$hash = hash('sha256', $hash);
}

$hash = $salt . $hash;

if ( $hash == $r['password'] )
{
session_start();
header('Location: /quiz/index.php');
}

if( $hash != $r['password'] ){
session_start();
header('Location: /?error=4');
}

// end login script

最佳答案

一个常见的错误是数据库字段的长度不足以存储所有字符。密码将永远不会等于用户输入的密码。

对于这种功能,始终编写单元测试来检查功能是否(仍然)按预期工作。有一天有人修改数据库,改hash算法,修改salt……就没人能登录了。

关于php - 散列/加盐时密码不匹配,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11339958/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com