最受欢迎

哈希密码登录错误

Hashed Password Logging In Error

本文关键字:错误 登录 密码 哈希 | 更新日期: 2023-09-27

好的,所以当我定义变量'$password'是什么时,我使用'sha1'对密码进行哈希,然后在登录阶段,我再次使用'sha1' 但是我的错误消息无效登录凭据是唯一要发生的事情。

Registration.php 

   $password = sha1($_POST['password']);
   $password_escaped = mysqli_real_escape_string ($db, $password);
   $query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename_escaped','$surname_escaped','$email_escaped','$securityq_escaped','$securitya_escaped','$password_escaped')";

login。

    if (!empty($_POST['email']))
{
    $email = $_POST['email'];
    $password = sha1 ($_POST['pass']);
    include('connect-db.php');
    $query = mysqli_query ($db, "SELECT * FROM admin WHERE email = '$email' AND  password = '$password'");
$row = mysqli_fetch_array ($query);
if(!empty($row['email']) AND !empty($row['password']))
{
    $_SESSION['email'] = $row['password'];

成功或失败消息

 echo ("<SCRIPT LANGUAGE='JavaScript'>
    window.alert('Successful Login')
    window.location.href='adminhome.php';
    </SCRIPT>");
}
else
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
    window.alert('Invalid Login Credentials')
    window.location.href='adminsignin.php';
    </SCRIPT>");
} 
}
}
if(isset($_POST['submit']))
{
SignIn();
}

这个代码有什么问题,它不让我用散列密码登录?

您的代码中有一些陷阱,也有一些解决它的可能性。

最简单的解决方法是修改

if (!empty($_POST['email']))
{
    $email = $_POST['email'];
    $password =   ($_POST['pass']);


if (!empty($_POST['email']))
{
    $email = $_POST['email'];
    $password =   sha1($_POST['pass']); //you need to check the hashes not the password itself.

一个更简洁的修复是使用password_hash(见这里)。

你的代码应该是:

使用mysql数据库

$myslqiDB = new mysqli("localhost", "my_user", "my_password", "world");

报名

$email = $myslqiDB->real_escape_string($_POST['email']);
$options = [
    'cost' => 12,
];
$password = $myslqiDB->real_escape_string(password_hash ($_POST['password'],PASSWORD_BCRYPT, $options));
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$password')";
$data = $myslqiDB->query ($query)or die($myslqiDB->error());

登录

if (!empty($_POST['email']))
{
    $email = $myslqiDB->real_escape_string($_POST['email']);
    $password = $_POST['pass'];
    $query = $myslqiDB->query ("SELECT * FROM admin WHERE email = '$email'");
    $row = $myslqiDB->fetch_assoc ($query);
    if(!empty($row['email']) AND !empty($row['password']))
    {
        if (password_verify ( $password , $row['password'] ) ){
            //loggedin
        }else{
            //wrong password.
        }
    }else{
        //no user with this email
    }

在打印我的$query以查看与数据库进行比较的密码并检查数据库中的散列密码后,我意识到数据库中的密码缺少10个字符,我意识到我的VARCHAR设置为30…密码哈希值是40!

设置VARCHAR(40)后,密码散列立即工作。

任何与我有类似问题的人(愚蠢)确保你在数据库中的值足够长

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习