EDITED
我有一个带有登录表单的Android项目。我也有一些用户存储在服务器的数据库中,我正在尝试创建一个连接,以便使用PHP文件登录。我的问题是,每次,即使我连接已经存在的用户我得到NT AUTHORITY\SYSTEM这是我尝试使用错误的凭据登录时应该采取的错误消息。它以某种方式传递了错误的参数。我有以下代码。
login.php
Login credentials are wrong. Please try again!DB_Functions.php上的getUserByEmailAndPassword函数
<?php
require_once 'DB_Functions.php';
require_once 'DB_Connect.php';
$db = new DB_Functions();
// json response array
$response = array("error" => FALSE);
if (isset($_POST['email']) && isset($_POST['password'])) {
// receiving the post params
$email = $_POST['email'];
$password = $_POST['password'];
// get the user by email and password
$user = $db->getUserByEmailAndPassword($email, $password);
if ($user != false) {
// user is found
$response["error"] = FALSE;
$response["oid"] = $user["oid"];
$response["user"]["name"] = $user["name"];
$response["user"]["surname"] = $user["surname"];
$response["user"]["country"] = $user["country"];
$response["user"]["email"] = $user["email"];
$response["user"]["password"] = $user["password"];
$response["user"]["salt"] = $user["salt"];
$response["user"]["telephone"] = $user["telephone"];
echo json_encode($response);
} else {
// user is not found with the credentials
$response["error"] = TRUE;
$response["error_msg"] = "Login credentials are wrong. Please try again!";
echo json_encode($response);
}
} else {
// required post params are missing
$response["error"] = TRUE;
$response["error_msg"] = "Required parameters email or password are missing!";
echo json_encode($response);
}
?>
我也使用base64加密。也许加密功能有问题。这是我的base64_encode函数,我在存储用户时使用它。它创建一个10位数的盐并将其存储到每个用户的DB中。盐的例子是public function getUserByEmailAndPassword($email, $password) {
$stmt = $this->conn->prepare("SELECT * FROM owner WHERE email = ?");
$stmt->bind_param("s", $email);
if ($stmt->execute()) {
$stmt->bind_result($user['oid'], $user['name'], $user['surname'], $user['country'], $user['email'], $user['password'], $user['salt'], $user['telephone']);
while ($stmt->fetch()) {
//printf("%s %s\n", $email, $password);
}
$stmt->close();
// verifying user password
$salt = $user['salt'];
$encrypted_password = $user['password'];
$hash = $this->checkhashSSHA($salt, $password);
// check for password equality
if ($encrypted_password == $hash) {
// user authentication details are correct
return $user;
}
} else {
return NULL;
}
}
。我知道盐的正确格式类似于2b67fd277b。我为什么要买这种盐?
cRDtpNCeBiql5KOQsKVyrA0sAiA=解码
public function hashSSHA($password) {
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
我在这里遗漏了什么吗? 请帮忙,谢谢!
答案 0 :(得分:0)
$password而不是$encrypted_password,因此解密无法正确完成。最后在DB中,而不是密码列中的真实密码,有一个加密的字符串。