我正在尝试使用sha1散列来保护密码到saltMe()函数,但无论我在密码字段中键入什么,ectrypted密码都会相同。 这可能会导致我认为的安全漏洞。
这是我的盐功能
**************************************************
* sha1 salt string to make a more secure hash
***************************************************/
function SaltMe() {
//Secret keyword encrypted with sha1
return "4cefe49883b6dd1a00565e2a80fb035f348da3aa";
}
这是我的登录检查
$select_user_sql = $this->db->selectSQL("*", "tdic_users", "email = '". $email ."' AND password = '". sha1($this->main->SaltMe($password)) ."'");
无论我在密码字段输入什么,我最终都会:
1c2c2961d35148e8dfc83c7b31cf144f0987de9d
这也是我的加密密码。但是我可以输入任何我想要匹配密码的内容并不好。
登录表单的操作是validatelogin.php,其中包含:
$user = new UserHandling();
$user->UserLogMeIn($_POST["login_email"], $_POST["login_password"]);
登录功能:
/**********************************************************
* User login function
*
* @param string | User's email
* @param string | User's password
**********************************************************/
function UserLogMeIn($email, $password) {
$select_user_sql = $this->db->selectSQL("*", "tdic_users", "email = '". $email ."' AND password = '". sha1($this->main->SaltMe($password)) ."'");
$select_user_result = $this->db->SQLquery($select_user_sql);
if(mysql_num_rows($select_user_result) < 1) {
$this->main->txtOutput("Wrong email or password", "TXT_ERR"); //The user typed something wrong.
} else {
while($row = $this->db->SQLfetch($select_user_result)) {
/*** We will check if user have activated the profile ***/
if($row["activated"] == 0) {
$this->main->txtOutput("Your profile haven't been activated! You need to click on the activation link in the email you recieved upon registration.", "TXT_ERR"); //The user haven't activated the new profile. This is necessary for security / spamming reasons
$this->main->JSredirector("http://localhost/test/login.php", 5); //Redirect the user back from where he/she came from
} else {
/*** Everything is in order and we will let the user in ***/
$_SESSION["usr_logged_in"] = 1;
$_SESSION["user_email"] = $row["email"];
$_SESSION["user_id"] = $row["user_id"];
$_SESSION["user_name"] = $row["name"];
/*** This will just update the last login field in the user table ***/
$fields = array("user_last_logged_in" => time());
$update_user_sql = $this->db->updateSQL('tdic_users', 'email = "'. $email .'"', $fields);
$this->db->SQLquery($update_user_sql);
}
}
}
}
我无法确定字符串的设置位置,因此始终匹配!
答案 0 :(得分:4)
您的SaltMe函数没有获得参数,它只返回相同的字符串。所以
SaltMe($password)
不会做你想要的。
但是,严肃地说:停止尝试实施自己的密码哈希方案。你在这里询问你的实施中的错误的事实应该足够证明你不能理解这么做。使用库,例如bcrypt(Portable PHP Password Hashing Framework有实施)和stay far away from ever implementing any crypto code yourself。
答案 1 :(得分:2)
当盐腌通过时,U返回一个常量字符串。尝试
function SaltMe($pass) {
// Pass salted with Secret keyword encrypted with sha1
return "4cefe49883b6dd1a00565e2a80fb035f348da3aa" . $pass;
}
同样,SLaks说,你有SQLinj。最好使用PDO或mysqli数据库函数。
答案 2 :(得分:1)
您只是对盐字符串进行哈希处理,您没有将其作为密码前缀。
"4cefe49883b6dd1a00565e2a80fb035f348da3aa" -> [SHA-1] -> "1c2c2961d35148e8dfc83c7b31cf144f0987de9d"
在对密码进行哈希处理之前,您需要在密码前加上盐。