Hashed password characters returned from the database

Time: 2012-07-24 14:16:30

Tags: php mysql ajax database

I have recently set up my own dedicated server and installed everything needed to write PHP scripts etc. But when I return the encrypted password from my MySQL database I seem to be having a problem, and I don't know whether it is related to my PHP configuration or to my MySQL configuration. Basically what happens is that when I return the encrypted password from the database using PDO it loses certain characters, so when PHP goes to compare the encrypted password the user entered with the password saved in the database to log them in, it throws an error.

Here is an example:

User's input password after encryption:   #7" 8wŖQE4YW6'u

Password returned from the database: ?#7 ??“????? 8w?QE ?? 4YW?6?'?? u?

The ' ' characters seem to turn into '?' characters :S

I have checked the password in PHPMyAdmin to see if it is missing any characters, but the passwords match, so it is somewhere in between; I'm not sure whether it is to do with a PHP setting or with MySQL.

Here are my scripts:

Hash and salt script (modules.php):

<?php

    /* Initialises the username variable. */
    $username = $_SESSION['username'];

    /* If the user has changed their details then this block of code will make the changes to the database.
    if(isset($_POST['detailsChanged']) == 1)
    {
        $statement = $conn->prepare("UPDATE people SET Firstname = :firstname, Surname = :surname, Email = :email WHERE Username = :username ");

        // These values are strings, so bind them as PDO::PARAM_STR rather than PDO::PARAM_INT.
        $statement->bindParam(':firstname', $_POST['Firstname'], PDO::PARAM_STR);
        $statement->bindParam(':surname', $_POST['Surname'], PDO::PARAM_STR);
        $statement->bindParam(':email', $_POST['Email'], PDO::PARAM_STR);
        $statement->bindParam(':username', $username, PDO::PARAM_STR);
        $statement->execute();
    }*/

    if(isset($_SESSION["passed"]) == 1)
    {
        /* Bind the username instead of concatenating it into the SQL, so the
           value cannot change the structure of the query. */
        $statement = $conn->prepare("SELECT * FROM people WHERE username = :username");
        $statement->bindParam(':username', $username, PDO::PARAM_STR);
        $statement->execute();

        $result = $statement->fetch();

        $firstname = $result['Firstname'];
        $surname = $result['Surname'];
        $username2 = $result['Username'];
    }

    /* PBKDF2: $p password, $s salt, $c iteration count, $kl key length in bytes,
       $a hash algorithm. Returns raw binary bytes, not printable text. */
    function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) {

        $hl = strlen(hash($a, '', true));   # Hash length
        $kb = ceil($kl / $hl);              # Key blocks to compute
        $dk = '';                           # Derived key

        # Create key
        for ( $block = 1; $block <= $kb; $block ++ ) {

            # Initial hash for this block
            $ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);

            # Perform block iterations
            for ( $i = 1; $i < $c; $i ++ )

                # XOR each iterate
                $ib ^= ($b = hash_hmac($a, $b, $p, true));

            $dk .= $ib; # Append iterated block
        }

        # Return derived key of correct length
        return substr($dk, 0, $kl);
    }
?>

PDO initialisation (login and password removed for security reasons) (connection.php):

<?php

    $login = "*******";
    $password = "********";

    $dsn = "mysql:host=localhost;dbname=wishpiggy";
    $opt = array(
        // any occurring errors will be thrown as PDOException
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // an SQL command to execute when connecting; this attribute only takes
        // effect when passed to the constructor, not via setAttribute() afterwards
        PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'"
    );

    $conn = new PDO($dsn, $login, $password, $opt);
?>

Login page

<?php
    ob_start();
    session_start();
    include('sql_connect/connection.php');
    include('sql_connect/modules.php');

    //This section of code checks to see if the client is using SSL, if not 
    // if($_SERVER["HTTPS"] != "on")
    // {
    //        header("HTTP/1.1 301 Moved Permanently");   
    //        header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    //        exit();
    // }

    //This if statement checks to see if the session variable 'username' is set, and if so it will redirect the user to their profile page.

    if(isset($_SESSION["username"]))
    {
        header("Location: /home/");
    }

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Wish Piggy</title>
    <link href="css/styles.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
    <script type="text/javascript" src="js/loginjs.js"></script>
</head>

<body>

    <div class="index_div">
        <div class="logo"><img src="img/wish_piggy.jpg" alt="" />
        </div>
        <div class="text"><span>89% Fulfilled</span>
        </div>
        <div class="bar"><img src="img/wish_piggy_bar.jpg" alt="" />
        </div>
        <div class="text">
            <div class="text_l"><p>1,000,000 People</p>
            </div>
            <div class="text_r"><p>9,000,838 Wishes</p>
            </div>
        </div>
        <div class="sign_in"><a id="show-panel" href="#"></a>
        </div>
    </div>

    <div id="lightbox-panel">
        <form id="loginForm" name="form" action="index.php" method="post" >
            <input name="submitted" type="hidden" value="1" /> 
            <div class="login_label"><img src="img/wish_piggy_login.jpg" alt="" /><a id="open_signin" href="#">SIGN UP HERE</a><p>Login</p><a id="close-panel" href="#"></a>
            </div>
            <div class="login_input"><input name="email" type="text" value="<?php if(isset($_COOKIE['username']) && $_COOKIE['username'] != ""){echo $_COOKIE['username']; $_SESSION["username"] = $_COOKIE['username']; $_SESSION["passed"] = 1; header("Location: /home/");}else{echo "Email";} ?>" onclick="this.value=''" />
            </div>
            <div class="input_label"><span>(e.g. johndoe@email.com)</span>
            </div>
            <div class="login_input"><input name="password" type="password" value="Password" onclick="this.value=''" />
            </div>
            <div class="input_label"><a href="#">Forgot Password</a>
            </div>
            <div class="login_submit">
                <div class="login_checkbox"><input name="remember" type="checkbox" value="" /> <span>Remember me</span>
                </div>
                <div class="login_submit_input"><input name="submit" type="submit" value=""/>
                </div>
            </div>
        </form>
    </div>
    <div id="lightbox"></div>

    <div id="lightbox-panel2">
        <div class="inner_lightbox2"><img src="img/wish_piggy_login.jpg" alt="" /><a id="close-panel2" href="#"></a>
        </div>
        <div class="signup_form">
            <form action="index.php" method="post">   
                <input name="submitted" type="hidden" value="1" /> 
                <div class="signup_form_label"><span>Firstname:</span>
                </div>
                <div class="signup_form_input"><input name="firstname" type="text" />
                </div>
                <div class="signup_form_label"><span>Surname:</span>
                </div>
                <div class="signup_form_input"><input name="surname" type="text" />
                </div>
                <div class="signup_form_label"><span>Email:</span>
                </div>
                <div class="signup_form_input"><input name="email" type="text" />
                </div>
                <div class="signup_form_label"><span>Confirm Email:</span>
                </div>
                <div class="signup_form_input"><input name="emailConfirm" type="text" />
                </div>
                <div class="signup_form_label"><span>Password:</span>
                </div>
                <div class="signup_form_input"><input name="password" type="text" />
                </div>
                <div class="signup_form_label"><span>Confirm Password:</span>
                </div>
                <div class="signup_form_input"><input name="passwordConfirm" type="text" />
                </div>
                <div class="signup_form_label2"><img src="img/wish_piggy_captcha.jpg" alt="" />
                </div>
                <div class="signup_form_input2"><input name="" type="text" />
                </div>
                <div class="signup_form_submit"><input name="" type="button" value="register" />
                </div>
            </form>
        </div>
    </div>
    <?php
        if(isset($_POST["submitted"]) == 1)
        {
            echo "caught data!";
            $email = $_POST["email"];
            $password = $_POST["password"];
            if($password == "")
            {
                die ("Your username or password is incorrect.");
            }

            $usernameValidated = 0;

            $statement = $conn->prepare("SELECT password FROM users WHERE email = :name");
            $statement->bindParam(":name", $email);
            $statement->execute();

            $passCompare = $statement->fetch();
            $passSubmitHashed = pbkdf2($password, "butterScotch", 1000, 32);
            echo $passSubmitHashed;
            echo " || ";
            echo $password;
            if($passSubmitHashed == $passCompare['password'])
            {
                $usernameValidated++;
            }
            echo "hurrdurr || " . $passCompare['password'];
            if($usernameValidated == 0)
            {

                die("Your username or password is incorrect..");

            }

        }
        if(isset($_POST["submitted"]) == NULL || isset($usernameValidated) > 0)
        {
            echo "<style> #text_contents{display: none;}</style>";
        }   

        if(isset($usernameValidated) >= 1)
        {
            $_SESSION["username"] = $username;
            $expiry = 60 * 60 * 6 + time();
            setcookie('username', $username, $expiry);
            $_SESSION["passed"] = $_POST["submitted"];

            header("Location: /profile/");
        }
        ob_end_flush();
    ?>
    <div id="lightbox2"></div>
</body>
</html>

1 answer:

Answer 0 (score: 4)

Just encode the password with base64_encode (before saving and when comparing) :)
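The answer in working form, as an added example that is not code from the question or the answer. It keeps the question's salt, iteration count and key length, shows why the raw key bytes do not survive a utf8 text column, and stores and compares the base64 form instead. It assumes PHP 7.1+ and a PDO handle `$conn` like the one in connection.php; the `users` table and its `email`/`password` columns are the question's.

```php
<?php
// Added example (not the question's or the answer's code). Assumes PHP 7.1+
// and a PDO connection $conn created as in connection.php.

const PW_SALT = 'butterScotch'; // from the question; a random per-user salt is better
const PW_ITER = 1000;
const PW_LEN  = 32;

/* Same raw 32-byte key as the question's pbkdf2($p, "butterScotch", 1000, 32). */
function derive_key(string $password): string
{
    return hash_pbkdf2('sha256', $password, PW_SALT, PW_ITER, PW_LEN, true);
}

/* The question stores these bytes as text. Random bytes are almost never a
   valid UTF-8 sequence, so MySQL converts, replaces or truncates them on the
   way in or out, and what comes back no longer equals the freshly derived key. */
function survives_utf8_column(string $value): bool
{
    return preg_match('//u', $value) === 1; // /u fails on invalid UTF-8
}

/* Encode before saving: base64 is plain ASCII and survives any text column. */
function store_password(PDO $conn, string $email, string $password): void
{
    $encoded = base64_encode(derive_key($password));
    $st = $conn->prepare('UPDATE users SET password = :pw WHERE email = :email');
    $st->execute([':pw' => $encoded, ':email' => $email]);
}

/* Compare the encoded forms, in constant time, instead of raw bytes with ==. */
function check_password(PDO $conn, string $email, string $password): bool
{
    $st = $conn->prepare('SELECT password FROM users WHERE email = :email');
    $st->execute([':email' => $email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown e-mail gives the same answer as a wrong password
    }
    $encoded = base64_encode(derive_key($password));
    return hash_equals($row['password'], $encoded);
}

/* The two storage forms side by side, with a constructed password: the raw
   key is checked as-is, then as base64, which is always valid ASCII. */
$key = derive_key('correct horse');
var_dump(survives_utf8_column($key));
var_dump(survives_utf8_column(base64_encode($key)));
```

A BINARY(32)/VARBINARY column would also keep the raw bytes intact, but encoding keeps the value readable in PHPMyAdmin and in logs. PHP 5.5+ also offers password_hash()/password_verify(), which handle the per-user salt and the text encoding for you.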