正如标题所示,在尝试从我的数据库中检索用户时,我可以获得密码和用户名的匹配。 当我第一次创建用户时,我使用此方法也会使用密码:
mysql_select_db($user);
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
function hash_password($password1, $username1) {
return hash_hmac('sha512', $password1 . $username1, $site_key);
}
$sql=mysql_query("INSERT INTO _SCD_BACKUP_USERS (username, password)
VALUES ('".$username."','".hash_password($password, $username)."')");
$r=mysql_query($sql);
if(!$r)echo "Error in query: ".mysql_error();
mysql_close();`
这似乎工作正常!在数据库中获得我想要的东西。当我检索信息时,我无法使用此代码获得匹配:
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
function hash_password($password1, $username1) {
return hash_hmac('sha512', $password1 . $username1, $site_key);
}
$encrypted = hash_password($username, $password);
$sql = 'SELECT username FROM _SCD_BACKUP_USERS WHERE username = ? AND password = ?';
$result = $db -> query($sql, array($username, $encrypted));
if ($result -> numRows() < 1) {
$arr = array('same' => true);
} else {
$arr = array('same' => false);
}
print(json_encode($arr));
mysql_close();
有什么建议吗?
//安德烈
答案 0 :(得分:1)
参数向后
$encrypted = hash_password($username, $password);
应该是
$encrypted = hash_password($password, $username);