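I'm new to programming; I only started last April, and today I ran into a problem. In my login file I call
    $hashedPassword = $securityHelper->hashPassword($_POST['password'], $userFinded->getSalt());
to hash my password and compare it with the hashed password in my database. But I always get a different result: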
Password: Michelle123
Hached BD Password: 9705f99f231cef89289a57db52e202e4f9b221144c500734d3beb0d2eaf2371e3f2c203f914c1616383eee58548e3964d6402cb779041cc07bb2683b7110f3e5
Hached Password: 2085f93e3c4a241cc3f17327c1bf01f87330c9bdf03f8ec6fd6a04d6a62454ea6961aef395b08b5eac0d5c63ed49c1fcd2328b455d402bd623fb2f75908c8ee8
Salt: h7b867Xxk9WE2CugPT6TKJ6nHkvRhH1BMgC3B69fG5xfv47nZB
I have looked on the internet but I haven't found anything yet.
=> In my login file
    $securityHelper = new SecurityHelper();
    $userManager = new UserManager();
    $userFinded = $userManager->findUserByEmail($email);
    if ($userFinded) {
        // Hash the password (only once a user was found, so getSalt() is never called on false)
        $hashedPassword = $securityHelper->hashPassword($_POST['password'], $userFinded->getSalt());
        // Debug output used to compare the two hashes
        echo 'Password: '.$_POST['password'];
        echo '<br>';
        echo 'Hached BD Password: '.$userFinded->getPassword();
        echo '<br>';
        echo 'Hached Password: '.$hashedPassword;
        echo '<br>';
        echo 'Salt: '.$userFinded->getSalt();
        echo '<br>';
    }
=> Here is my SecurityHelper class:
    class SecurityHelper {
        private $pepper = "dfau0f90230932Ff@#UNKu9032%u032f9uf03209buguWETQTTwe";
        // Returns a random 50-character alphanumeric string
        public function randomString() {
            $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            $string = "";
            for ($i = 0; $i < 50; $i++) {
                // random_int() (PHP 7+) uses the system CSPRNG; mt_rand() is predictable
                $charNum = random_int(0, strlen($chars) - 1);
                $string .= $chars[$charNum];
            }
            return $string;
        }
        public function hashPassword($plainPassword, $userSalt) {
            // hashes the password slowly, with 2 concatenated strings
            $hashedPassword = hash("sha512", $plainPassword);
            for ($i = 0; $i < 5000; $i++) {
                $hashedPassword = hash("sha512", $this->pepper . $hashedPassword . $userSalt);
            }
            return $hashedPassword;
        }
    }
=> Here are my UserManager class functions
    class UserManager extends EntityManager {
        public function save(User $user) {
            // insert query, with named parameters
            $sql = "INSERT INTO vi_users
                    (email, password, nom, prenom, salt, token, dateCreated, dateModified)
                    VALUES
                    (:email, :password, :nom, :prenom, :token, :salt, :dateCreated, :dateModified)";
            // Send the query to MySQL
            $stmt = $this->dbh->prepare($sql);
            // Assign a value to each named parameter
            $stmt->bindValue(":email", $user->getEmail());
            $stmt->bindValue(":password", $user->getPassword());
            $stmt->bindValue(":nom", $user->getNom());
            $stmt->bindValue(":prenom", $user->getPrenom());
            $stmt->bindValue(":salt", $user->getSalt());
            $stmt->bindValue(":token", $user->getToken());
            $stmt->bindValue(":dateCreated", $user->getDateCreated()->format("Y-m-d H:i:s"));
            $stmt->bindValue(":dateModified", $user->getDateModified()->format("Y-m-d H:i:s"));
            // finally, execute the query
            $stmt->execute();
        }
        // Count the total number of users in the database and return that number
        public function countUsers() {
            include_once ("models/User.php");
            $sql = "SELECT COUNT(*) FROM vi_users";
            $stmt = $this->dbh->prepare($sql);
            $stmt->execute();
            $usersNumber = $stmt->fetchColumn();
            return $usersNumber;
        }
        // Fetch (and return) all users
        function findAllUsers() {
            include_once ("models/User.php");
            $sql = "SELECT * FROM vi_users ORDER BY user ASC";
            $stmt = $this->dbh->prepare($sql);
            $stmt->execute();
            $users = $stmt->fetchAll(PDO::FETCH_CLASS, "User");
            return $users;
        }
        public function findUserById($id) {
            include_once ("models/User.php");
            $sql = "SELECT * FROM vi_users
                    WHERE id_user = :id";
            $stmt = $this->dbh->prepare($sql);
            $stmt->bindValue(":id", $id);
            $stmt->execute();
            $user = $stmt->fetchObject("User");
            return $user;
        }
        public function findUserByEmail($email) {
            include_once ("models/User.php");
            $sql = "SELECT * FROM vi_users
                    WHERE email = :email";
            $stmt = $this->dbh->prepare($sql);
            $stmt->bindValue(":email", $email);
            $stmt->execute();
            $user = $stmt->fetchObject("User");
            return $user;
        }
    }
Answer 0 (score: 0)
A friend finally helped me find the mistake in my code; it was in my UserManager.php. When I store a new user, I made a mistake and swapped :token and :salt.
    $sql = "INSERT INTO vi_users
            (email, password, nom, prenom, salt, token, dateCreated, dateModified)
            VALUES
            (:email, :password, :nom, :prenom, :token, :salt, :dateCreated, :dateModified)";
After changing this part my code works fine and I'm happy. Thank you for your help.
Password: Azerty123
Hached DB Password: 0efbadc9d0c32ca1c4c0421d212cc38cad2d2bfa8815faf18595470c50dbcce92283e3ff40170ada6cd2354345b8a48d26c32cd7c763ff79ed4b2ebb10c0e02d
Hached Password: 0efbadc9d0c32ca1c4c0421d212cc38cad2d2bfa8815faf18595470c50dbcce92283e3ff40170ada6cd2354345b8a48d26c32cd7c763ff79ed4b2ebb10c0e02d
Salt: YTXnJeo5NL8klA5PaQ1Hd7ShmuWs6UyuO4gWftBwKaIFpKQNNl
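
The swapped salt and token columns above went unnoticed because the salt lives in its own column, separate from the hash. The following is an added example, not part of the original question or answer: it uses PHP's built-in password_hash() and password_verify(), which keep the salt inside the hash string so there is no second column to mis-bind. The function names registerUser and verifyLogin and the in-memory $users array (standing in for the vi_users table) are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). $users is a constructed in-memory
// stand-in for the vi_users table; registerUser/verifyLogin are hypothetical.
$users = [];

function registerUser(array &$users, string $email, string $plainPassword): void
{
    // password_hash() draws its own random salt from the CSPRNG and encodes
    // algorithm, cost and salt in the returned string: one column to store.
    $users[$email] = password_hash($plainPassword, PASSWORD_DEFAULT);
}

function verifyLogin(array &$users, string $email, string $plainPassword): bool
{
    $stored = $users[$email] ?? null;
    if ($stored === null) {
        return false; // unknown account
    }
    // password_verify() reads the salt back out of $stored and compares in
    // constant time, so no manual re-hash or == comparison is needed.
    if (!password_verify($plainPassword, $stored)) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$email] = password_hash($plainPassword, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample accounts and inputs.
registerUser($users, 'user@example.test', 'Michelle123');
var_dump(verifyLogin($users, 'user@example.test', 'Michelle123'));   // correct password
var_dump(verifyLogin($users, 'user@example.test', 'michelle123'));   // wrong case
var_dump(verifyLogin($users, 'nobody@example.test', 'Michelle123')); // unknown account
```

With this layout the password column should be wide enough for future algorithms (VARCHAR(255) is the size the PHP manual recommends), and the plaintext password and stored hash never need to be echoed to compare them.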