Weird password_hash problem

Time: 2015-11-20 01:46:36

Tags: php php-password-hash

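So I am using the exact same script I have been using for a while, and for some reason, when I moved to my new domain and hosting, I started having really weird problems. I created a user and got him to try logging in, and it wasn't working for him. I got a new hash from a random test.php file with this PHP: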

<?php
/**
 * In this case, the BCRYPT cost is set explicitly to 9.
 * A BCRYPT hash is always 60 characters long.
 */
$options = [
    'cost' => 9,
];
echo password_hash("His Pass", PASSWORD_BCRYPT, $options)."\n";
?>

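That then worked and he logged in fine. Then I tried to log in to my main admin account, and for some reason it is not working now, even though I have tried re-making the hash 2 times.

I have no idea what is going on; could someone please enlighten me.

Here is the login code: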

//If User Submits Form continue;
if(isset($_POST['username'])) {

    //If the captcha wasn't submitted;
    if(empty($_POST['g-recaptcha-response'])) {

        //And there's already a try with their IP;
        if($trycount != '0') {

            //Increment their try count and give a notification;
            updateTries(); ?>
            <script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php

        //If there isn't a try on their IP yet;
        } else {

            //Add one try and give a notification;
            addTry(); ?>
            <script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php

        }

    //If the captcha was submitted;
    } else {

        //Set captcha variable to the Submitted Captcha Response;
        $captcha=$_POST['g-recaptcha-response'];

        //Captcha Verification Url;
        $url = 'https://www.google.com/recaptcha/api/siteverify?secret=t&response=';

        //Send the captcha response and client IP for verification, then JSON-decode the reply;
        $response = json_decode(file_get_contents($url.urlencode($captcha).'&remoteip='.$_SERVER['REMOTE_ADDR']), true);

        //If the captcha wasn't verified;
        if($response['success'] == false) {

            //And there's already a try with their IP;
            if($trycount != '0') {

                //Increment their try count and give a notification;
                updateTries(); ?>
                <script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php

            //If there isn't a try on their IP yet;
            } else {

                //Add one try and give a notification;
                addTry(); ?>
                <script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php

            }

        //Otherwise if it was verified;
        } else {

            //Try log in with the given details;
            user_login($_POST['username'],$_POST['password']);

            //If logged in redirect and give a notification;        
            if(loggedin()) { ?>
                <script type="text/javascript">localStorage.setItem("notification", "loggedin");</script>
                <meta http-equiv="refresh" content="0;URL='https://gameshare.io'" /> <?php
            } else {

                //And there's already a try with their IP;
                if($trycount != '0') {

                    //Increment their try count and give a notification;
                    updateTries(); ?>
                    <script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php

                //If there isn't a try on their IP yet;
                } else {

                    //Add one try and give a notification;
                    addTry(); ?>
                    <script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php

                }

            }

        }

    }

}

The user_login function:

//Create a new function named user_login;
function user_login($username = false, $password = false) {

    //Fetch for the username and password applied;
    $st = fetch("SELECT username,password,email,image FROM users WHERE username = :username",array(":username"=>$username));

    //If a row was found continue
    if($st != 0) {

        $storedhash = $st[0]['password'];

        if (password_verify($password, $storedhash)) {

            //Set a new username session and set it the username;
            $_SESSION['username'] = $username;
            $_SESSION['email'] = $st[0]['email'];
            $_SESSION['image'] = $st[0]['image'];

            if($username == 'admin') {
                $_SESSION['role'] = 'admin';
            } else {
                $_SESSION['role'] = 'user';
            }

        }

    }

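    //Always returns true, even when the password did not match; the caller checks loggedin() instead;
    return true;

    //Unreachable: this assignment sits after the return and never runs;
    $dontaddtry = true;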

}

The fetch function:

//Create a new function named fetch;
function fetch($sql = false,$bind = false,$obj = false) {

    //Prepare The SQL Query;
    $query = Connect()->prepare($sql);

    //Execute the query with the bound parameters;
    $query->execute($bind);

    //While Fetching Results;
    while($result = $query->fetch(PDO::FETCH_ASSOC)) {

        //Add each row to the results;
        $row[] = $result;

    }

    //If there are rows;
    if(!empty($row)) {

        //Make it an object;
        $row = ($obj)? (object) $row : $row;
    } else {

        //Else row is false;
        $row = false;
    }

    //Return the rows, or false if none were found;
    return $row;

}

The Connect function:

//Create a new function named Connect, and apply database info;
function Connect($host = 'localhost',$username = 'x',$password = 'x',$dbname = 'x') {

    //Try execute the PHP with no errors;
    try {

        //Create a PDO Session;
        $con = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);

        //Session Attributes;
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    }

    //Catch all PDOException errors;
    catch (PDOException $e) {

        //If any errors print result (debug only: the dump can reveal connection details);
        echo "<code><pre>".print_r($e, true)."</pre></code>";

        //Make the PDO session false;
        $con = false;
    }

    //Return the PDO connection, or false if connecting failed;
    return $con;
}

P.S. If you want to try an account on my site, let me know and I will make a temporary account.

1 Answer:

Answer 0: (score: 0)

Check the PHP version of your new host. password_hash requires at least PHP 5.5.0.

You can check your current PHP version with the following code.

<?php
    echo 'Current PHP version: ' . phpversion();
?>
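
An added diagnostic, not part of the answer above or of the asker's code: it goes beyond the version check and also inspects the stored hash itself, because a value that is no longer a full 60-character bcrypt string makes password_verify fail in the same way. The helper names check_hash_environment and diagnose_stored_hash and the sample password are made up for this illustration.

```php
<?php
// Added example. Helper names are hypothetical; sample values are constructed.

// Report whether this host can run the password_* API at all.
function check_hash_environment() {
    return [
        'php_version'         => PHP_VERSION,
        'version_ok'          => version_compare(PHP_VERSION, '5.5.0', '>='),
        'has_password_verify' => function_exists('password_verify'),
    ];
}

// Return a list of reasons why $storedHash cannot match $password.
function diagnose_stored_hash($password, $storedHash) {
    $problems = [];
    if ($storedHash !== trim($storedHash)) {
        $problems[] = 'hash has leading or trailing whitespace';
    }
    // password_get_info() reports algoName "unknown" for values it cannot parse.
    $info = password_get_info($storedHash);
    if ($info['algoName'] !== 'bcrypt') {
        $problems[] = 'not recognised as bcrypt (algoName=' . $info['algoName'] . ')';
    }
    if (strlen($storedHash) !== 60) {
        $problems[] = 'length is ' . strlen($storedHash) . ', expected 60';
    }
    // Only blame the password once the hash itself looks intact.
    if (!$problems && !password_verify($password, $storedHash)) {
        $problems[] = 'hash is well formed but does not match this password';
    }
    return $problems;
}

$env = check_hash_environment();
print_r($env);
if (!$env['has_password_verify']) {
    exit("password_* functions are missing on this host\n");
}

// Constructed sample data, hashed with the cost used on the page.
$good      = password_hash('constructed-sample', PASSWORD_BCRYPT, ['cost' => 9]);
$truncated = substr($good, 0, 50); // simulates a column too short for the hash

print_r(diagnose_stored_hash('constructed-sample', $good));      // intact hash, right password
print_r(diagnose_stored_hash('constructed-sample', $truncated)); // damaged hash
print_r(diagnose_stored_hash('wrong-password', $good));          // intact hash, wrong password
```

Run it against the value read back from the users table rather than the value that was inserted, and keep real hashes and passwords out of any output that reaches a browser or a shared log.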