使用pda / salt的php登录脚本不起作用

时间:2014-04-08 20:51:15

标签: php html mysql pdo phpmyadmin

我正在尝试使用这些技术创建一个登录页面,并找到了一个很好的教程。我已经能够注册一个用户,它在数据库+盐中散列。问题是它无法登录,好像它看不到正常密码与散列密码相同。它不断重新打开index.html而不是dashboard.php。我试图让几个用户。

寄存器:

<?php
//retrieve our DATA FROM POST
$username = $_POST['username'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];

IF($password1 != $password2)
    header('Location: registration.html');

IF(strlen($username) > 30)
    header('Location: registration.html');

$hash = hash('sha256', $password1);

FUNCTION createSalt()
{
    $text = md5(uniqid(rand(), TRUE));
    RETURN substr($text, 0, 3);
}

$salt = createSalt();
$password = hash('sha256', $salt . $hash);

$conn = NEW PDO('mysql:host=myhost;dbname=mydatabase', 'myusername', 'mypassword');

$qry = $conn->PREPARE('INSERT INTO mytable (username, password, salt) VALUES (?, ?, ?)');
$qry->EXECUTE(array($username, $password, $salt));

header('Location: login.php');
?>

登录:

<?php
ob_start();
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

$conn = mysql_connect('myhost', 'myusername', 'mypassword');
mysql_select_db('mydatabase', $conn);

$username = mysql_real_escape_string($username);
$query = "SELECT user_id, username, password, salt
        FROM mutable
        WHERE username = '$username';";

$result = mysql_query($query);

if(mysql_num_rows($result) == 0) // User not found. So, redirect to login_form again.
{
    header('Location: index.html');
}

$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );

if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
{
    header('Location: index.html');
}else{ // Redirect to home page after successful login.
    session_regenerate_id();
    $_SESSION['sess_user_id'] = $userData['id'];
    $_SESSION['sess_username'] = $userData['username'];
    session_write_close();
    header('Location: dashboard.php');
}
?>

dashboard.php有:

<?php
//Start session
session_start();

//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['sess_user_id']) || (trim($_SESSION['sess_user_id']) == '')) {
    header("location: index.html");
    exit();
}
?>

0 个答案:

没有答案
相关问题
最新问题