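PHP - Unable to log in after resetting password using sha512

Time: 2016-12-16 15:00:46

Tags: php mysqli passwords salt sha512

I'm building a simple login script, and I can register and log in without problems. But I'm now trying to add a "forgot password" feature, and I can't figure out why it isn't working.

I can update the password in the MySQL table using the same sha512 and salting method I use in my registration script, but after the update I can no longer log in.

The login function that runs when a user tries to log in is as follows: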

if ($stmt = $mysqli->prepare("SELECT userID, firstName, pWord, salt FROM users WHERE email = ? AND conf = 1 LIMIT 1")) {
    $stmt->bind_param('s', $email);  // Bind "$email" to parameter.
    $stmt->execute();    // Execute the prepared query.
    $stmt->store_result();
    // get variables from result.
    $stmt->bind_result($user_id, $firstName, $db_password, $salt);
    $stmt->fetch();

    // hash the password with the unique salt.
    $password = hash('sha512', $password . $salt);
    if ($stmt->num_rows == 1) {
        // Check if the password in the database matches
        // the password the user submitted.
        if ($db_password == $password) {
            // ... Log user in
        }
    }
}

The password part of my registration script:

$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));

// Create salted password
$password = hash('sha512', $password . $random_salt);

// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO users (firstName, lastName, email, pWord, salt, accConf, conf) VALUES (?, ?, ?, ?, ?, ?, 0)")) {
    $insert_stmt->bind_param('ssssss', $firstName, $lastName, $email, $password, $random_salt, $confirmation);
    $insert_stmt->execute();
    // ... Do something
}

The password part of my reset script:

$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));

// Create salted password
$password = hash('sha512', $password . $random_salt);

// Update the user's password
if ($update = $mysqli->prepare('UPDATE users SET pWord = ?, salt = ? WHERE email = ?')) {
    $update->bind_param('sss', $password, $random_salt, $email);
    $update->execute();
    // ... Do something
}

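I can see that the password is updated in the database, but when I try to log in with the new password, my "Invalid login details" error is displayed.

Is my password valid after the update?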
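
Added example (not part of the original question and not the asker's code): the question's salt-and-SHA-512 scheme run through registration, reset and login with the database taken out of the picture. The `$users` array, the function names and the sample e-mail address and passwords are constructed for illustration; it assumes PHP 7.1 or later with the openssl extension.

```php
<?php
// Added example: the page's hashing scheme, isolated from MySQL.
// $users is a constructed in-memory stand-in for the users table.

function make_salt(): string {
    // Same construction as the register and reset scripts on this page.
    return hash('sha512', uniqid(openssl_random_pseudo_bytes(16), true));
}

function hash_password(string $password, string $salt): string {
    return hash('sha512', $password . $salt);
}

// Used for both registration and reset: new salt, new hash, stored together.
function set_password(array &$users, string $email, string $password): void {
    $salt = make_salt();
    $users[$email] = ['pWord' => hash_password($password, $salt), 'salt' => $salt];
}

function check_login(array $users, string $email, string $password): bool {
    if (!isset($users[$email])) {
        return false;
    }
    $row = $users[$email];
    // hash_equals() compares in constant time and does no type juggling,
    // unlike the == comparison in the login code above.
    return hash_equals($row['pWord'], hash_password($password, $row['salt']));
}

$email = 'user@example.com';                      // constructed sample value
$users = [];

set_password($users, $email, 'first-Passw0rd');   // registration
var_dump(check_login($users, $email, 'first-Passw0rd'));

set_password($users, $email, 'second-Passw0rd');  // reset
var_dump(check_login($users, $email, 'second-Passw0rd'));
var_dump(check_login($users, $email, 'first-Passw0rd'));

// Lengths to compare against strlen() of the pWord and salt values read back from MySQL.
var_dump(strlen($users[$email]['pWord']), strlen($users[$email]['salt']));
```

If the new password verifies and the old one is rejected here, the hashing steps agree with each other, and the values to compare next are the `$password` and `$email` that actually reach the reset script versus the ones that reach the login script.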

0 answers:

No answers