我正在创建一个登录系统。但是无论出于何种原因,我都无法获得正确验证的密码。当我知道密码正确时,它一直告诉我密码是错误的。这是表单代码:
<form id="login" action="login_processing.php" method="post">
<label2>Email</label2>
<input type="text" name="email">
<label2>Password</label2>
<input type="password" name="password">
<a class="forgot_password" href="forgot.php">Forgot password?</a>
<input type="submit" class="custom_submit" name="sign_in" value="Sign In">
<br />
<br />
<br />
<a href="#sliderName" class="next">Create Account</a>
</form>
这里用于处理登录信息的代码login_processing.php:
require_once 'database_connect.php';
session_start();
$email = $_POST['email'];
$password = $_POST['password'];
$email = mysql_real_escape_string($email);
$findLogin = "SELECT password, salt FROM client_login WHERE email = '$email';";
$loginResult = mysql_query($findLogin);
if (mysql_num_rows($loginResult) < 1){
$_SESSION['errNo_account'] = 'No account with that email exists';
header('Location: login.php');
}
$userData = mysql_fetch_array($loginResult, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
if ($hash != $userData['password']){
$_SESSION['errPassword_incorrect'] = 'Incorrect Password';
header('Location: myaccount.php');
}
else{
$idSelect = "SELECT client_id FROM client_login WHERE email = '$email' ";
$idResult = mysql_query($idSelect);
while($idData = mysql_fetch_assoc($idResult)){
$_SESSION['client_id'] = $idData['client_id'];
}
}
这是原始注册页面,用于散列密码并添加盐:
function createSalt(){
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
$insertLogin = "INSERT INTO client_login(email, password, salt, created) VALUES('$email','$hash', '$salt', '$today')";
mysql_query($insertLogin);
它一直告诉我我的密码不正确...当我知道它不是。我似乎无法弄清楚错误是什么,它让我发疯
!!任何帮助将不胜感激。
在注册脚本中,您使用的是 concated salt 和 pw 的单个哈希,但在登录脚本中,您使用的是嵌套 hash() 调用。
注册:
$hash = hash('sha256', $salt . $hash);
登录:
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
注意到区别了吗?
这就是我搞砸的地方..在匆忙中,我从未真正在创建新帐户时开始散列密码。 所以它没有散列任何东西....只是它自己。所以我在"新帐户"页面中添加了一行(散列原始密码),并解决了整个问题:
function createSalt(){
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$hash = hash('sha256', $password); //this was forgotten originally :(
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
现在添加后,上面的代码工作正常。谢谢!