我正在构建一个简单的登录脚本,我可以注册并登录没问题。但是我现在正在尝试添加“忘记密码”功能,我无法弄清楚它为什么不起作用。
我可以使用我在注册脚本中使用的相同sha512和salting方法更新mysql表中的密码,但在更新后我无法再登录。
用户尝试登录时运行的登录功能如下:
if ($stmt = $mysqli->prepare("SELECT userID, firstName, pWord, salt FROM users WHERE email = ? AND conf = 1 LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $firstName, $db_password, $salt);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
... // Log user in
}
}
}
我的注册脚本的密码部分:
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO users (firstName, lastName, email, pWord, salt, accConf, conf) VALUES (?, ?, ?, ?, ?, ?, 0)")) {
$insert_stmt->bind_param('ssssss', $firstName, $lastName, $email, $password, $random_salt, $confirmation);
$insert_stmt->execute();
... // Do something }
我的重置脚本的密码部分:
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Update the user's password
if ($update = $mysqli->prepare('UPDATE users SET pWord = ?, salt = ? WHERE email = ?')) {
$update->bind_param('sss', $password, $random_salt, $email);
$update->execute();
... //Do something }
我可以看到,在数据库中,密码是更新,但是当我尝试使用新密码登录时,我的“无效登录详细信息错误正在显示。
更新后我的密码是否有效?