How to log in with crypt in PHP

Time: 2013-06-26 12:18:48

Tags: php crypt

This is the "registration successful" page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Successful</title>
</head>

<body>

<p>
  <?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$name=$_POST['name'];
$age=$_POST['age'];

// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
$Salt = uniqid(); // Could use the second parameter to give it more entropy.
$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
$Rounds = '10000'; // The more, the more secure it is!

// This is the "salt" string we give to crypt().
$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;

$hashed_password = crypt($_POST['password'], $CryptSalt);

// Insert a row of information into the table "example"
mysql_query("INSERT INTO example 
(name, age, password) VALUES('$name', '$age', '$hashed_password' ) ") 
or die(mysql_error()); 

echo "Data Inserted!";

?>
</p>
<p><a href="login.php">Click here to Login!</a></p>
</body>
</html>

This is the login check page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Check</title>
</head>

<body>
<p>
  <?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$name=$_POST['name'];

// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
$Salt = uniqid(); // Could use the second parameter to give it more entropy.
$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
$Rounds = '10000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
$hashed_password = crypt($_POST['password1'], $CryptString);

$result = mysql_query("SELECT * FROM example WHERE name = '$name'");
$row = mysql_fetch_array($result);


if($row["name"]==$name && crypt($row["password"], $hashed_password) == $hashed_password){
    echo"Hello $name !!!";
}
else{
    echo"Sorry, your credentials are not valid, Please try again.";
}

?>
</p>
</body>
</html>

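The problem is that when I try to log in with the same name and password I used at registration, I get the following result:

Sorry, your credentials are not valid, Please try again.

Can anyone tell what the problem is? My question may be silly, but I am an entry-level programmer and I really need help.

Thanks a lot in advance.

This is my revised code, in which I save the salt when logging in: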

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Check</title>
</head>

<body>
<p>
  <?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$name=$_POST['name'];

// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
//$Salt = uniqid(); // Could use the second parameter to give it more entropy.
//$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
//$Rounds = '10000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
//$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;

$result = mysql_query("SELECT * FROM example WHERE name = '$name'");
$row = mysql_fetch_array($result);
$CryptSalt = $row["salt"];
$hashed_password = crypt($_POST['password1'], $CryptSalt);

if($row["name"]==$name && crypt($row["password"], $hashed_password) == $hashed_password){
    echo"Hello $name !!!";
}
else{
    echo"Sorry, your credentials are not valid, Please try again.";
}

?>
</p>
</body>
</html>

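2 answers:

Answer 0 (score: 0)

When logging in, you should query the hashed password from the database and use explode to get the salt from it, since it is part of the hashed password. Alternatively, you can save the salt in a separate field and retrieve it from there, or hard-code it so that the same salt is used for every password.

Answer 1 (score: 0)

Use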

if($row["name"]==$name and crypt($_POST['password1'], $row["password"]) == $row['password']) {
    ...

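You don't need to save the salt in a special column, because it is already included in the output of crypt; for example, crypt('secret','$6$mysalt$') gives "$6$mysalt$UX6P1V...". A feature of crypt() is that you can pass the old hash as the $salt parameter to make it use the same salt.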
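
The verification pattern described in answer 1, as an added example that is not part of the original question or answers: it hashes at registration, verifies by passing the stored hash back to crypt(), and contrasts that with re-hashing under a fresh salt as the question's login page does. The function names and the sample passwords are constructed for illustration, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example; helper names and sample values are hypothetical.

// Build a crypt() setting string for CRYPT_SHA512 ($6$) with a random salt.
function make_sha512_setting(int $rounds = 10000): string
{
    // 12 random bytes encode to 16 base64 characters with no padding.
    // Map '+' to '.' so the salt stays inside crypt's [./0-9A-Za-z] alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    return '$6$rounds=' . $rounds . '$' . $salt . '$';
}

// Registration: the returned string embeds algorithm, rounds and salt,
// so it is the only value that needs to be stored for the user.
function hash_password(string $password): string
{
    return crypt($password, make_sha512_setting());
}

// Login: pass the stored hash as the salt argument so crypt() reuses the
// salt embedded in it, then compare the two strings in constant time.
function verify_password(string $password, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($password, $storedHash));
}

// The failure mode from the question: hashing the submitted password with a
// newly generated salt produces a different string than the stored one.
function verify_with_fresh_salt(string $password, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($password, make_sha512_setting()));
}

$stored = hash_password('correct horse');   // constructed sample password

var_dump(verify_password('correct horse', $stored));        // same password, stored salt reused
var_dump(verify_password('wrong guess', $stored));          // different password
var_dump(verify_with_fresh_salt('correct horse', $stored)); // same password, fresh salt
```

On PHP 5.5 and later, password_hash() and password_verify() handle the salt generation and the constant-time comparison, and password_verify() also accepts hashes produced by crypt().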