在教程的基础上实现基本用户注册+使用salt登录系统。目前我正在使用它进行注册阶段:
define('SALT_LENGTH', 9);
function generateHash($plainText, $salt = null)
{
if ($salt === null)
{
$salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
}
else
{
$salt = substr($salt, 0, SALT_LENGTH);
}
return $salt . sha1($salt . $plainText);
}
$newpass = generateHash($_POST['newpass']);
followed by:
$sql = "INSERT INTO user SET
userid = '$_POST[newid]',
password = PASSWORD('$newpass'), ... etc"
这很好用。
我现在想比较输入密码以检查是否相等(在单独的访问控制文件中):
define('SALT_LENGTH', 9);
function generateHash($plainText, $salt)
{
$salt = substr($salt, 0, SALT_LENGTH);
return $salt . sha1($salt . $plainText);
}
$sql = "SELECT password FROM user WHERE
userid = '$uid'";
$result = mysql_query($sql);
$row = mysql_fetch_row($result);
$comparepwd = generateHash($pwd, $row['password']);
if (mysql_num_rows($result) == 0 || $comparepwd != $row['password']) {
//access denied, unset session variables
}
原则上我认为这应该有效。我是PHP / MySQL的新手,所以如果你能告诉他为什么不工作,我将非常感激。非常感谢!
编辑:刚才意识到,是因为INSERT INTO user SET
userid = '$_POST[newid]',
password = PASSWORD('$newpass')
PASSWORD('$ newpass')是否进一步支持MySQL?
答案 0 :(得分:2)
是的,密码功能是单向哈希,你不应该真的使用它!
http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_password