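I am trying to verify a hashed password in the database that was hashed with BCrypt.
I have two web forms, a login page and a registration page.
On the registration page I create the hash, verify the hash and insert it into the database. This works fine.
On the login page I select the hashed password from the database and compare it with the password submitted in the text box.
I seem to be having trouble verifying the hash in the database against the submitted password, and I don't know what is wrong.
Here is the registration page code: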
    protected void registerbutton_Click(object sender, EventArgs e)
    {
        string myPassword = passwordtextbox.Text;
        string mySalt = BCryptHelper.GenerateSalt();
        string myHash = BCryptHelper.HashPassword(myPassword, mySalt);
        bool doesPasswordMatch = BCryptHelper.CheckPassword(myPassword, myHash);
        if (doesPasswordMatch == true)
        {
            using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
            using (SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users (Username, Password, FirstName, LastName) VALUES (@username, @password, @firstname, @lastname)", conn))
            {
                cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
                cmd.Parameters.Add("@password", SqlDbType.Char).Value = myHash;
                cmd.Parameters.Add("@firstname", SqlDbType.NVarChar).Value = firstnametextbox.Text;
                cmd.Parameters.Add("@lastname", SqlDbType.NVarChar).Value = lastnametextbox.Text;
                conn.Open();
                cmd.ExecuteNonQuery();
                conn.Close();
                registerlabel3.Text = myHash;
            }
        }
        else
        {
            registerlabel3.Text = "Error";
        }
    }
Here is the login page code:
    protected void loginbutton_Click(object sender, EventArgs e)
    {
        const string query = "SELECT Username, Password FROM dbo.Users WHERE Username = @username";
        using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString))
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text;
            conn.Open();
            //string hashedPassword = BCrypt.Net.BCrypt.HashPassword(passwordtextbox.Text);
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    var passwordInDb = reader.GetString(1);
                    Label3.Text = "submitted = " + passwordtextbox.Text;
                    Label4.Text = "database hash = " + passwordInDb;
                    if (BCryptHelper.CheckPassword(passwordtextbox.Text, reader.GetString(1)))
                    {
                        //login
                        loginlabel.Text = "Success";
                    }
                    else
                    {
                        loginlabel.Text = "Error";
                    }
                }
            }
        }
    }
Thanks for any help and feedback.

Answer 0 (score: 0)
When writing to the database, try:
    @Override
    protected Void doInBackground(Void... params) {
        HttpHandler sh = new HttpHandler();
        String jsonStr = sh.makeServiceCall(url);
        Log.e(TAG, "Response from URL: " + jsonStr);
        if (jsonStr != null) {
            try {
                JSONArray array = new JSONArray(jsonStr);
                for (int i = 0; i < array.length(); i++) {
                    JSONObject jsonObject = array.getJSONObject(i);
                    JSONArray paises = jsonObject.optJSONArray("paises");
                    if (paises != null) {
                        for (int j = 0; j < paises.length(); j++) {
                            JSONObject jsonObject1 = paises.getJSONObject(j);
                            System.out.println(jsonObject1.optString("Designacao"));
                            String K_PAIS = jsonObject1.getString("K_PAIS");
                            String Designacao = jsonObject1.getString("Designacao");
                            String URL_IMAGE_SMALL = jsonObject1.getString("URL_IMAGE_SMALL");
                            String URL_IMAGEM = "http://something.something.pt" + URL_IMAGE_SMALL;
                            new DownloadImage(imageView6).execute(URL_IMAGEM);
                            HashMap<String, String> pais = new HashMap<>();
                            pais.put("K_PAIS", K_PAIS);
                            pais.put("Designacao", Designacao);
                            pais.put("URL_IMAGE_SMALL", URL_IMAGE_SMALL);
                            pais.put("URL_IMAGEM", URL_IMAGEM);
                            listaPaises.add(pais);
                        }
                    }
                    System.out.println(jsonObject.optString("Designacao"));
                }
            } catch (final JSONException e) {
                Log.e(TAG, "Json parsing error: " + e.getMessage());
                runOnUiThread(new Runnable() {
                    @Override
                    public void run() {
                        Toast.makeText(getApplicationContext(), "Json parsin error: " + e.getMessage(), Toast.LENGTH_LONG).show();
                    }
                });
            }
        } else {
            Log.e(TAG, "Couldn't get json from server.");
            runOnUiThread(new Runnable() {
                @Override
                public void run() {
                    Toast.makeText(getApplicationContext(), "Couldn't get json from server. Check LogCat for possible errpr!", Toast.LENGTH_LONG).show();
                }
            });
        }
        return null;
    }
    {...}
    public class DownloadImage extends AsyncTask<String, Void, Bitmap> {
        ImageView bmImage;
        public DownloadImage(ImageView bmImage) {
            this.bmImage = (ImageView) bmImage;
        }
        protected Bitmap doInBackground(String... urls) {
            String urldisplay = urls[0];
            Bitmap mIcon11 = null;
            try {
                InputStream in = new java.net.URL(urldisplay).openStream();
                mIcon11 = BitmapFactory.decodeStream(in);
            } catch (Exception e) {
                Log.d("Error", e.getStackTrace().toString());
            }
            return mIcon11;
        }
        protected void onPostExecute(Bitmap result) {
            bmImage.setImageBitmap(result);
        }
    }
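
Answer 1 (score: 0)
Set the database field to CHAR(60)
I set the database field that stores the hashed password to CHAR(60), and now it works.
Why it has to be CHAR(60) specifically, I don't know, but it works.
It would be nice if this could be explained.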
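
Added example (not code from the question or from either answer) on why the column width matters: a bcrypt hash string is always 60 characters, and a fixed-width CHAR(n) column wider than that returns the value right-padded with spaces, so the string read back is no longer the hash that was stored. The helper `StoredBcryptHash.Normalize` and the sample values are hypothetical and constructed for illustration, and that the original column was wider than 60 is an assumption.

```csharp
using System;
using System.Text.RegularExpressions;

public static class StoredBcryptHash
{
    // Modular crypt format: "$2" + optional variant letter + "$" + two-digit cost + "$"
    // followed by 22 salt characters and 31 digest characters: 60 characters in total.
    private static readonly Regex Format = new Regex(
        @"^\$2[abxy]?\$[0-9]{2}\$[./A-Za-z0-9]{53}\z", RegexOptions.CultureInvariant);

    // Hypothetical helper: returns the hash ready to hand to the verify call,
    // or throws if the stored value does not have the shape of a bcrypt hash.
    public static string Normalize(string valueFromDb)
    {
        if (valueFromDb == null) throw new ArgumentNullException(nameof(valueFromDb));
        // CHAR(n)/NCHAR(n) columns return values right-padded with spaces to n characters.
        string trimmed = valueFromDb.TrimEnd(' ');
        if (!Format.IsMatch(trimmed))
            throw new FormatException(
                "Stored value is not a bcrypt hash (length " + trimmed.Length + ").");
        return trimmed;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed placeholder with the shape of a bcrypt hash (not a real hash).
        string hash = "$2a$10$" + new string('A', 53);

        string fromChar60 = hash;                 // as read from CHAR(60): no padding
        string fromChar100 = hash.PadRight(100);  // as read from CHAR(100): 40 trailing spaces
        string damaged = hash.Substring(0, 40);   // constructed: not a complete hash

        Console.WriteLine("padded equals original: " + (fromChar100 == hash));
        Console.WriteLine("CHAR(60) normalized ok: " + (StoredBcryptHash.Normalize(fromChar60) == hash));
        Console.WriteLine("CHAR(100) normalized ok: " + (StoredBcryptHash.Normalize(fromChar100) == hash));
        try { StoredBcryptHash.Normalize(damaged); }
        catch (FormatException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

Sizing the column to exactly 60 characters, as the answer did, avoids the padding at the source; trimming on read is the equivalent fix when the schema cannot be changed.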