我在编写适用于我的注册脚本的登录脚本时遇到了麻烦。
register.php
$username = $_POST['signupEmail'];
$password = $_POST['signupPassword'];
$gender = $_POST['signupGender'];
$country = $_POST['signupCountry'];
$salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
$password = hash('sha512', $password . $salt);
$query = mysqli_query($con, "INSERT INTO sh_users (username, password, salt, gender, country) Values ('" . $username . "' , '" . $password . "' , '" . $salt . "' , '" . $gender . "' , '" . $country . "')") or die(mysqli_error($con));
这没有问题 - 数据库中的所有值。
的login.php
$query = "SELECT *
FROM sh_users
WHERE username = '$username';";
$result = mysqli_query($con, $query);
$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$salt = $userData['salt'];
$hash = hash('sha512', $password . $salt);
if ($hash != $userData['password'])
{
echo "Incorrect email or password";
}
else
{
echo "success";
}
如果我回显echo $password,那么它与我输入的相同(是的,我正在使用正确的密码)。同样,$salt匹配数据库中的内容。但是,尽管我在两个脚本中都使用了相同的哈希方法,但$hash给出了恶意结果。
我哪里错了?
更新
问题是$_POST['signupPassword']在我var_dump()顶部register.php时返回null。
奇怪的是倾销$_POST['signupPassword2']很好,但我想了解两者之间的区别。
这是我的表格(我以为我第一次发帖,道歉)。
<form id="signup-form" action="" method="POST">
<input name="signupEmail" type="email" class="form-control" id="signupEmail" placeholder="Email address">
<input name="signupPassword" type="password" class="form-control" id="signupPassword" placeholder="Password">
<input name="signupPassword2" type="password" class="form-control" id="signupPassword2" placeholder="Password">
<select name="signupCountry" id="signupCountry" class="selectpicker">
<option value="0">Country</option>
<option value="United States">United States</option>
<option value="United Kingdom">United Kingdom</option>
<option>Canada</option>
</select>
<select name="signupGender" id="signupGender" class="selectpicker">
<option value="0">Gender</option>
<option value="f">Female</option>
<option value="m">Male</option>
</select>
<button id="signup" class="btn btn-success btn-block signup" type="submit">Sign up</button>
</form>
答案 0 :(得分:0)
register.php
$username = $_POST['signupEmail'];
$password = $_POST['signupPassword'];
$gender = $_POST['signupGender'];
$country = $_POST['signupCountry'];
$salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
$password_hashed = hash('sha512', $password . $salt); //i changed var name, because, name var name? this gives a conflit if vars are equal
$query = mysqli_query($con, "INSERT INTO sh_users (username, password, salt, gender, country) Values ('" . $username . "' , '" . $password_hashed . "' , '" . $salt . "' , '" . $gender . "' , '" . $country . "')") or die(mysqli_error($con));
的login.php
$query = "SELECT *
FROM sh_users
WHERE username = '$username';";
$result = mysqli_query($con, $query);
$row_result = mysqli_fetch_assoc($result); //this will work, not the code that you had, if mysqli_fetch_assoc is not correctly write, sorry, but i think that is it
$salt = $row_result['salt'];
$hash = hash('sha512', $password . $salt);
if ($hash != $userData['password'])
{
echo "Incorrect email or password";
}
else
{
echo "success";
}
<form id="signup-form" action="" method="POST">
<input name="signupEmail" type="email" class="form-control" id="signupEmail" placeholder="Email address">
<input name="signupPassword" type="password" class="form-control" id="signupPassword" placeholder="Password">
<select name="signupCountry" id="signupCountry" class="selectpicker">
<option value="0">Country</option>
<option value="United States">United States</option>
<option value="United Kingdom">United Kingdom</option>
<option>Canada</option>
</select>
<select name="signupGender" id="signupGender" class="selectpicker">
<option value="0">Gender</option>
<option value="f">Female</option>
<option value="m">Male</option>
</select>
<button id="signup" class="btn btn-success btn-block signup" type="submit">Sign up</button>
</form>
它在表单中输入错误,但是不使用var_dump(),我对该变量有几处错误。