使用Tuts Plus Hashing Tutorial时,检查哈希值时会不断返回false。密码肯定没有输入错误'111111'。我做了一个IF语句来回应它返回的内容,结果是'False'。
插入和选择信息的PDO查询都正常工作。
我的注册表单:
$pass_hash = PassHash::hash($_POST['pwd']);
$q = "INSERT INTO Users(password) VALUES (:password);";
$query = $db->prepare($q);
$query->bindParam(":password",$pass_hash);
$results = $query->execute();
$user_id = $db->lastInsertID();
我的登录表单:
<?php
require ("include/PassHash.php");
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare('SELECT * FROM Users WHERE email = :email');
$query->bindParam(":email",$email);
$results = $query->execute();
$total = $query->rowCount();
$row = $query->fetch();
// Returns more than 0 rows (Email found) and checks hash.
if($total>0 && PassHash::check_password($row['password'], $_POST['password'])){
// Correct credentials.
$_SESSION['user_id'] = $row['id'];
$_SESSION['user_email'] = $email;
session_set_cookie_params(24*60*60);
ob_start();
header('Location: /index.php?p=user_account', true);
exit();
ob_end_flush();
} else {
// Incorrect password / email.
}
}
?>
PassHash.php
<?php
class PassHash {
// blowfish
private static $algo = '$2a';
// cost parameter
private static $cost = '$10';
// mainly for internal use
public static function unique_salt() {
return substr(sha1(mt_rand()),0,22);
}
// this will be used to generate a hash
public static function hash($password) {
return crypt($password,
self::$algo .
self::$cost .
'$' . self::unique_salt());
}
// this will be used to compare a password against a hash
public static function check_password($hash, $password) {
$full_salt = substr($hash, 0, 29);
$new_hash = crypt($password, $full_salt);
return ($hash == $new_hash);
}
}
?>
我已经提交了表单并且两者都显示后都打印了密码和电子邮件,因此这不是输入错误。
答案 0 :(得分:0)
将密码字段的VARCHAR(45)增加到VARCHAR(255)解决了问题。