我只是想用这个脚本登录,但唯一能让它工作的办法,是去掉根据所提供的用户名从数据库中检索 salt 的那几行,并手动填入哈希后的密码。奇怪的是,我在自己做的另一个网站上用的是完全相同的写法,而且运行得很好。现在的现象是页面变成空白,甚至不显示任何错误。如果有人有解决办法,或者能建议更好的做法,我会很乐意听取。
<?php
include 'includes/calendar-functions.php';
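// User login: runs only when both credential fields were posted as non-empty strings.
//
// NOTE(review): this block relies on the legacy mysql_* extension, which was removed in
// PHP 7.0. On such a runtime the first mysql_* call is a fatal error, and with
// display_errors off that shows up as a blank page. A move to PDO/mysqli prepared
// statements needs the connection setup, which is not visible in this file.
// NOTE(review): the first query uses $connect and the second uses $mysql as the link
// handle. Neither is defined in the visible code; presumably only one of them is the real
// connection from includes/calendar-functions.php. Confirm and use it for both queries.
// NOTE(review): $_SESSION is written below; session_start() is assumed to happen in the
// include. Regenerating the session id on successful login (session_regenerate_id(true))
// is the usual defence against session fixation. Add it once the session setup is confirmed.
if (
    isset($_POST['membership_id'], $_POST['user_password'])
    && is_string($_POST['membership_id'])   // reject array-valued parameters (membership_id[]=...)
    && is_string($_POST['user_password'])
    && $_POST['membership_id'] != ""
    && $_POST['user_password'] != ""
) {
    // Escaped for use inside a quoted SQL string literal.
    $newUsername = mysql_real_escape_string($_POST['membership_id']);

    // NOTE(review): escaping the password before hashing changes the hashed value for
    // passwords that contain quotes or backslashes. It is kept because the stored hashes
    // were presumably produced the same way; the hash itself is hex, so the password never
    // needs SQL escaping. Verify against the registration code before removing it.
    $newPassword = mysql_real_escape_string($_POST['user_password']);

    // The value must sit inside quotes: mysql_real_escape_string() only protects quoted
    // string literals, so the unquoted form left the query open to SQL injection and also
    // produced a syntax error for non-numeric ids.
    $saltQuery = 'SELECT `salt` FROM `vintage_user` WHERE membership_id = "' . $newUsername . '"';
    $resultSalt = mysql_query($saltQuery, $connect);
    if ($resultSalt === false) {
        // Keep database error text out of the response; record it server-side instead.
        error_log('Login: salt lookup failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }

    // Default to an empty salt so an unknown user still runs the second query and gets
    // the same "incorrect" answer as a wrong password.
    $salt = '';
    while ($row = mysql_fetch_assoc($resultSalt)) {
        $salt = $row["salt"];
    }

    // NOTE(review): a single round of salted SHA-256 is fast to brute-force offline.
    // password_hash()/password_verify() is the recommended replacement, but it requires
    // re-hashing the stored passwords, so it is not changed here.
    $saltedPW = $newPassword . $salt;
    $hashedPW = hash('sha256', $saltedPW);

    // Look up an approved account with matching id and password hash.
    $query = 'SELECT *
FROM vintage_user
WHERE membership_id = "' . $newUsername . '"
AND user_password = "' . $hashedPW . '"
AND approved = "1"
LIMIT 1';
    $result = mysql_query($query, $mysql);
    if ($result === false) {
        error_log('Login: credential lookup failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($result) == 1) {
        // NOTE(review): with SELECT * the positional assignment depends on the table's
        // column order; if that order differs from these five names, other columns
        // (possibly the hash or salt) end up in the session. Selecting the five columns
        // by name would make this explicit.
        list(
            $_SESSION['user_first'],
            $_SESSION['user_last'],
            $_SESSION['user_id'],
            $_SESSION['user_email'],
            $_SESSION['membership_id']
        ) = mysql_fetch_row($result);

        // $month and $year are not set in the visible code; presumably they come from the
        // include. The original URL lacked the '&' before 'd', which merged the day into
        // the 'm' parameter.
        header('location:' . 'calendar.php?m=' . $month . '&d=1&y=' . $year);
        die();
    }

    // Same message for an unknown user and a wrong password, so the response does not
    // reveal which membership ids exist.
    echo '<p class="incorrect">Incorrect login and/or password</p>';
}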
答案 0 :(得分:1)
如果启用了 magic_quotes_gpc,请先对数据应用 stripslashes()。对已经转义过的数据再使用 mysql_real_escape_string(),会使数据被转义两次。
答案 1 :(得分:0)
尝试使用blowfish加密方法,它对我有用。
functions.php
<?php
include_once("Blowfish.php");
/**
 * Encrypts $plaintext in 8-byte pieces and returns the pieces base64-encoded and
 * concatenated.
 *
 * The text is first padded by maxi_pad(). Each piece is passed to $cipher->encrypt()
 * on its own and base64-encoded on its own, so every piece contributes a chunk that
 * ends in "=" (Edecrypt() splits on that character).
 *
 * Security notes: pieces are encrypted independently of each other, so equal 8-byte
 * plaintext pieces give equal output chunks, and nothing authenticates the result.
 * The output is reversible by anyone holding the key, which makes this unsuitable for
 * storing passwords; use password_hash()/password_verify() for that.
 *
 * @param object $cipher    object exposing encrypt($string)
 * @param string $plaintext text to encrypt
 * @return string concatenated base64 chunks
 */
function Eencrypt($cipher, $plaintext){
    $padded = maxi_pad($plaintext);
    $total = strlen($padded);
    $out = "";
    $offset = 0;
    // Walk the padded text one 8-byte piece at a time.
    while ($offset < $total) {
        $out .= base64_encode($cipher->encrypt(substr($padded, $offset, 8)));
        $offset += 8;
    }
    return $out;
}
/**
 * Reverses Eencrypt(): splits $ciphertext on "=", base64-decodes each chunk and
 * passes it to $cipher->decrypt(), concatenating the results.
 *
 * Whatever follows the last "=" is ignored. The padding spaces added on encryption
 * are not removed here.
 *
 * Security notes: the input is decoded and decrypted without any integrity check, so a
 * caller that feeds request data into this function is decrypting attacker-chosen
 * bytes; treat the result as untrusted and escape it before output.
 *
 * @param object $cipher     object exposing decrypt($string)
 * @param string $ciphertext output of Eencrypt()
 * @return string concatenated decrypted pieces
 */
function Edecrypt($cipher,$ciphertext){
    $parts = explode("=", $ciphertext);
    // The element after the final "=" is not a chunk; drop it.
    array_pop($parts);
    $recovered = "";
    foreach ($parts as $part) {
        // Restore the "=" that explode() consumed before decoding.
        $recovered .= $cipher->decrypt(base64_decode($part . "="));
    }
    return $recovered;
}
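/**
 * Pads $plaintext with trailing spaces so that its byte length is a multiple of 8.
 *
 * The original used count() on the string (which does not return its length) and
 * appended len % 8 spaces rather than the number of bytes missing to the next multiple
 * of 8, so it reported failure and returned -1 for ordinary strings. Length is now
 * taken with strlen() and the pad is (8 - len % 8) % 8 bytes.
 *
 * Space padding is ambiguous: after decryption, padding cannot be told apart from
 * trailing spaces that were part of the original text.
 *
 * @param string $plaintext text to pad
 * @return string|int the padded string; -1 (after printing a message) when the
 *                    argument is not a string, matching the original failure value
 */
function maxi_pad($plaintext){
    if (!is_string($plaintext)) {
        print "padding function is not working\n";
        return (-1);
    }
    // Bytes missing to reach the next multiple of 8 (0 when already aligned).
    $pad_len = (8 - strlen($plaintext) % 8) % 8;
    return $plaintext . str_repeat(" ", $pad_len);
}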
?>
blowfish.php
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
/**
* Crypt_Blowfish allows for encryption and decryption on the fly using
* the Blowfish algorithm. Crypt_Blowfish does not require the mcrypt
* PHP extension, it uses only PHP.
* Crypt_Blowfish support encryption/decryption with or without a secret key.
*
*
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license/3_0.txt. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to license@php.net so we can mail you a copy immediately.
*
* @category Encryption
* @package Crypt_Blowfish
* @author Matthew Fonda <mfonda@php.net>
* @copyright 2005 Matthew Fonda
* @license http://www.php.net/license/3_0.txt PHP License 3.0
* @version CVS: $Id: Blowfish.php,v 1.81 2005/05/30 18:40:36 mfonda Exp $
* @link http://pear.php.net/package/Crypt_Blowfish
*/
require_once 'PEAR.php';
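/**
 * Blowfish encryption/decryption, using mcrypt when the extension is loaded and a
 * pure-PHP implementation otherwise.
 *
 * Example usage:
 * $bf = new Crypt_Blowfish('some secret key!');
 * $encrypted = $bf->encrypt('this is some example plain text');
 * $plaintext = $bf->decrypt($encrypted);
 * echo "plain text: $plaintext";
 *
 * Security notes for reviewers:
 * - The mcrypt handle is opened in 'ecb' mode and the PHP fallback processes each
 *   8-byte block on its own, so identical plaintext blocks produce identical
 *   ciphertext blocks.
 * - Nothing authenticates the ciphertext; modified input is decrypted without error.
 * - The PHP fallback pads with NUL bytes and decrypt() does not strip them.
 * - This is reversible encryption. It is not a substitute for password hashing
 *   (password_hash()/password_verify()).
 * - mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2; on such
 *   runtimes only the PHP fallback path runs.
 *
 * @category Encryption
 * @package Crypt_Blowfish
 * @author Matthew Fonda <mfonda@php.net>
 * @copyright 2005 Matthew Fonda
 * @license http://www.php.net/license/3_0.txt PHP License 3.0
 * @link http://pear.php.net/package/Crypt_Blowfish
 * @version @package_version@
 * @access public
 */
class Crypt_Blowfish
{
    /**
     * P-Array contains 18 32-bit subkeys
     *
     * @var array
     * @access private
     */
    var $_P = array();

    /**
     * Array of four S-Blocks each containing 256 32-bit entries
     *
     * @var array
     * @access private
     */
    var $_S = array();

    /**
     * Mcrypt td resource (null when mcrypt is not loaded)
     *
     * @var resource
     * @access private
     */
    var $_td = null;

    /**
     * Initialization vector passed to mcrypt_generic_init()
     *
     * @var string
     * @access private
     */
    var $_iv = null;

    /**
     * Crypt_Blowfish constructor.
     * Opens the mcrypt handle when the extension is loaded, then sets the secret key.
     *
     * The class previously had only a PHP 4 style constructor (a method named after
     * the class), which PHP 8 no longer treats as a constructor, so the key was never
     * set there.
     *
     * @param string $key
     * @access public
     */
    function __construct($key)
    {
        if (extension_loaded('mcrypt')) {
            $this->_td = mcrypt_module_open(MCRYPT_BLOWFISH, '', 'ecb', '');
            // NOTE(review): MCRYPT_RAND is not a cryptographic random source; the handle
            // is opened in ECB mode, where the IV presumably has no effect.
            $this->_iv = mcrypt_create_iv(8, MCRYPT_RAND);
        }
        $this->setKey($key);
    }

    /**
     * PHP 4 style constructor, kept so existing code that calls it by name
     * (for example parent::Crypt_Blowfish($key) in a subclass) keeps working.
     *
     * @param string $key
     * @access public
     * @see Crypt_Blowfish::__construct()
     */
    function Crypt_Blowfish($key)
    {
        $this->__construct($key);
    }

    /**
     * Deprecated isReady method
     *
     * @return bool always true
     * @access public
     * @deprecated
     */
    function isReady()
    {
        return true;
    }

    /**
     * Deprecated init method - init is now a private
     * method and has been replaced with _init.
     * Returns no value.
     *
     * @access public
     * @deprecated
     * @see Crypt_Blowfish::_init()
     */
    function init()
    {
        $this->_init();
    }

    /**
     * Initializes the Crypt_Blowfish object: loads the P-array and S-boxes from
     * Crypt_Blowfish_DefaultKey (declared in Blowfish/DefaultKey.php, required by setKey()).
     *
     * @access private
     */
    function _init()
    {
        $defaults = new Crypt_Blowfish_DefaultKey();
        $this->_P = $defaults->P;
        $this->_S = $defaults->S;
    }

    /**
     * Enciphers a single 64 bit block in place (16 rounds over P[0..15],
     * then the final XOR with P[16] and P[17]).
     *
     * @param int &$Xl left half, updated in place
     * @param int &$Xr right half, updated in place
     * @access private
     */
    function _encipher(&$Xl, &$Xr)
    {
        for ($i = 0; $i < 16; $i++) {
            $temp = $Xl ^ $this->_P[$i];
            $Xl = ((($this->_S[0][($temp>>24) & 255] +
                     $this->_S[1][($temp>>16) & 255]) ^
                     $this->_S[2][($temp>>8) & 255]) +
                     $this->_S[3][$temp & 255]) ^ $Xr;
            $Xr = $temp;
        }
        $Xr = $Xl ^ $this->_P[16];
        $Xl = $temp ^ $this->_P[17];
    }

    /**
     * Deciphers a single 64 bit block in place (rounds over P[17..2],
     * then the final XOR with P[1] and P[0]).
     *
     * @param int &$Xl left half, updated in place
     * @param int &$Xr right half, updated in place
     * @access private
     */
    function _decipher(&$Xl, &$Xr)
    {
        for ($i = 17; $i > 1; $i--) {
            $temp = $Xl ^ $this->_P[$i];
            $Xl = ((($this->_S[0][($temp>>24) & 255] +
                     $this->_S[1][($temp>>16) & 255]) ^
                     $this->_S[2][($temp>>8) & 255]) +
                     $this->_S[3][$temp & 255]) ^ $Xr;
            $Xr = $temp;
        }
        $Xr = $Xl ^ $this->_P[1];
        $Xl = $temp ^ $this->_P[0];
    }

    /**
     * Encrypts a string.
     *
     * With mcrypt loaded the text is handed to mcrypt_generic(). Otherwise it is
     * padded with NUL bytes to a multiple of 8 and each 8-byte block is enciphered
     * independently.
     *
     * @param string $plainText
     * @return string Returns cipher text on success, PEAR_Error on failure
     * @access public
     */
    function encrypt($plainText)
    {
        if (!is_string($plainText)) {
            PEAR::raiseError('Plain text must be a string', 0, PEAR_ERROR_DIE);
        }

        if (extension_loaded('mcrypt')) {
            return mcrypt_generic($this->_td, $plainText);
        }

        $cipherText = '';
        $len = strlen($plainText);
        // NUL-pad up to the next multiple of 8 bytes (no padding when already aligned).
        $plainText .= str_repeat(chr(0),(8 - ($len%8))%8);
        for ($i = 0; $i < $len; $i += 8) {
            // unpack() returns a 1-based array, hence the skipped first list() slot.
            list(,$Xl,$Xr) = unpack("N2",substr($plainText,$i,8));
            $this->_encipher($Xl, $Xr);
            $cipherText .= pack("N2", $Xl, $Xr);
        }
        return $cipherText;
    }

    /**
     * Decrypts an encrypted string.
     *
     * Padding added by encrypt() is not removed, and the input is not checked for
     * integrity before it is decrypted.
     *
     * @param string $cipherText
     * @return string Returns plain text on success, PEAR_Error on failure
     * @access public
     */
    function decrypt($cipherText)
    {
        if (!is_string($cipherText)) {
            PEAR::raiseError('Chiper text must be a string', 1, PEAR_ERROR_DIE);
        }

        if (extension_loaded('mcrypt')) {
            return mdecrypt_generic($this->_td, $cipherText);
        }

        $plainText = '';
        $len = strlen($cipherText);
        $cipherText .= str_repeat(chr(0),(8 - ($len%8))%8);
        for ($i = 0; $i < $len; $i += 8) {
            list(,$Xl,$Xr) = unpack("N2",substr($cipherText,$i,8));
            $this->_decipher($Xl, $Xr);
            $plainText .= pack("N2", $Xl, $Xr);
        }
        return $plainText;
    }

    /**
     * Sets the secret key.
     * The key must be a non-empty string of at most 56 characters.
     *
     * With mcrypt loaded the key is handed to mcrypt_generic_init(). Otherwise the
     * default P-array and S-boxes are loaded, the key is XORed into the P-array, and
     * both tables are replaced by successive encipherments of a running 64-bit block.
     *
     * @param string $key
     * @return bool Returns true on success, PEAR_Error on failure
     * @access public
     */
    function setKey($key)
    {
        if (!is_string($key)) {
            PEAR::raiseError('Key must be a string', 2, PEAR_ERROR_DIE);
        }

        $len = strlen($key);

        if ($len > 56 || $len == 0) {
            PEAR::raiseError('Key must be less than 56 characters and non-zero. Supplied key length: ' . $len, 3, PEAR_ERROR_DIE);
        }

        if (extension_loaded('mcrypt')) {
            mcrypt_generic_init($this->_td, $key, $this->_iv);
            return true;
        }

        require_once 'Blowfish/DefaultKey.php';
        $this->_init();

        $k = 0;
        $datal = 0;
        $datar = 0;

        // XOR the key, repeated cyclically, into the 18 P-array entries, 4 bytes each.
        for ($i = 0; $i < 18; $i++) {
            $data = 0;
            for ($j = 4; $j > 0; $j--) {
                // $key[$k] replaces the curly-brace offset $key{$k}, which is a
                // parse error from PHP 8.0 on.
                $data = $data << 8 | ord($key[$k]);
                $k = ($k+1) % $len;
            }
            $this->_P[$i] ^= $data;
        }

        // Replace the P-array pairwise with successive encipherments.
        for ($i = 0; $i <= 16; $i += 2) {
            $this->_encipher($datal, $datar);
            $this->_P[$i] = $datal;
            $this->_P[$i+1] = $datar;
        }

        // Then the four S-boxes in order, continuing the same chain.
        for ($box = 0; $box < 4; $box++) {
            for ($i = 0; $i < 256; $i += 2) {
                $this->_encipher($datal, $datar);
                $this->_S[$box][$i] = $datal;
                $this->_S[$box][$i+1] = $datar;
            }
        }

        return true;
    }
}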
?>
使用example.php
<?php
include_once('functions.php');
include_once('blowfish.php');
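// Demo key only. Crypt_Blowfish::setKey() accepts any non-empty string of up to 56
// characters (it does not have to be 8). In a real deployment, load the key from
// configuration kept outside the web root instead of hard-coding it in the script.
$key = "12345678";

// This is the text to be encrypted
$plaintext = "stringtoencrypt";

// This is a blowfish cipher object
$cipher = new Crypt_Blowfish($key);

// This is the encrypted text. The original overwrote it with $plaintext on the next
// line, so the page printed the unencrypted string.
$ciphertext = Eencrypt($cipher,$plaintext);
print $ciphertext."</br>";

// If the value to decrypt is sent by $_GET: URL decoding turns "+" into a space, so
// spaces are mapped back to "+" to restore the base64 text. A missing or non-string
// parameter is treated as empty input rather than raising notices.
$encoded = (isset($_GET['key']) && is_string($_GET['key']))
    ? str_replace(" ", "+", $_GET['key'])
    : "";

// This is the decrypted text. The ciphertext comes from the request and is not
// authenticated, so the result is attacker-influenced: escape it before writing it
// into the HTML response.
$desencriptado = Edecrypt($cipher, $encoded);
print "desencriptado es: ".htmlspecialchars($desencriptado, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');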
?>