我的测试功能:
<?php
include_once("core/init.php");
$admin = new Admin();
$name = "akhil";
$password = "daydreamers";
$salt = Hash::salt(24);
$hash = Hash::make($password,$salt);
/*echo $hash;
echo "<br/>";*/
$admin->newAdmin($name,$hash,$salt);
$dsalt = $admin->getSalt($name);
if($salt != $dsalt){
echo "Wrong";
}
/*echo Hash::make($password,$dsalt);
echo "<br/>";
//$admin->verify($name,$password);
echo $admin->getPassword($name);*/
?>
哈希类:
<?php
class Hash{
public static function make($string,$salt=''){
return hash('sha256', $string . $salt);
}
public static function salt($length){
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
}
?>
我存储的盐和从数据库中检索到的盐不匹配。我已经浏览了其他帖子,似乎建议增加列大小但不起作用。
答案 0 :(得分:1)
由于您正在使用密码,我建议切换到password_hash()功能,并忘记上面的不安全实现。 password_hash()函数将关注salt,并且您不需要单独存储它,只需将哈希存储在单个varchar(255)字段中。
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);