Question

为了澄清，我基本上是在重写这个问题。

我有一张桌子，如下所示：

CREATE TABLE IF NOT EXISTS `user` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `status` enum('banned','moderated','user','author','moderator','admin','owner') NOT NULL DEFAULT 'user',
  `password` char(128) NOT NULL,
  `salt` char(128) NOT NULL,
  `description` text,
  PRIMARY KEY (`userid`),
  UNIQUE KEY `email` (`email`),
  UNIQUE KEY `name` (`name`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

表转储 - 电子邮件字段已编辑 - 是：

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`userid`, `name`, `email`, `status`, `password`, `salt`, `description`) VALUES
(1, 'Rilbur Skryler', '', 'owner', '2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e', '5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049', 'Site owner and administrator'),
(2, 'Zacky', '', 'author', 'e7a10ef6b58734093286bb7ebba65b8dd36c1cc18bc59f16a6e05760230f228fbb0464131b6c1e4768e26792e9194f43d78c277eb7ac86775f9b46bbe4d9dde2', 'f42029a7c657e3998443ca1f1043202f8431fba3ec9471e389752e3e83c790d6193292678a5878dd45ba6d7496521bf8ecd6e469455d4c34d95b36495691941a', 'Wacky!'),
(3, 'Roland', '', 'author', 'e7a10ef6b58734093286bb7ebba65b8dd36c1cc18bc59f16a6e05760230f228fbb0464131b6c1e4768e26792e9194f43d78c277eb7ac86775f9b46bbe4d9dde2', 'f42029a7c657e3998443ca1f1043202f8431fba3ec9471e389752e3e83c790d6193292678a5878dd45ba6d7496521bf8ecd6e469455d4c34d95b36495691941a', 'Involuntary addition.');

实际的PHP代码（添加了注释）是：

$query="select ".db_prefix."user.salt, ".db_prefix."user.password from ".db_prefix."user where ".db_prefix."user.userid=:id";
echo $query.$id;//generates: select user.salt, user.password from user where user.userid=:id
$statement=$db->prepare($query);
$statement->execute(array('id'=>$id));
if($row=$statement->fetch())
{
    $salt=$row[0];//row[0] is filled with a randomized result as shown two lines down
    var_dump($row);
    echo "pre one: $salt\r\n";//I'm outputting the value of the salt, which appears to be randomly generated.
    echo "one";
    $passwordsalt=generateValueFromPasswordAndSalt($password, $salt);//Used to call the routine that generates a value from the combination of a password string and the salt.
    return $passwordsalt==$row[1];//This always returns 'false' because the stored password value never matches the generated value, as a result of the salt being the wrong string.
}

这个问题一直让我感到沮丧。为盐检索的值似乎是随机生成的（我说'看起来'因为我知道它不应该是随机的，我必须遗漏一些东西）。各种更改，例如在查询中反转salt和password值或用select *替换它们可以解决问题。这很好，但我不明白为什么他们解决它，所以我不相信他们。（另外，我想了解为什么会这样，所以我将来可以避免它）

如果重要，我正在使用如下初始化的PDO数据库对象：

function get_DB()
{
    static $db;
    if(isset ($db))
    {
        return $db;
    }
    else
    {
        try{
        $dsn = "mysql:host=".db_host.";dbname=".db_name;
        $db = new PDO($dsn, updater_login, updater_password);
        return $db;
        }
        catch(PDOException $e)
        {
            //echo $e->getMessage();
            return NULL;
        }
    }
}

随机返回的盐值包括：

9ed1358ccb614ee86f17a3cc964caaad3ab8ede7d705960aac2d5f4448c0f85d0acf581e2225d567789ac2f678b6a6662e4e7a8e55efb0d92be903249c44af7f

6feff9b576ba0b0aa5e3d61996e723ddc4bdc3e7777469409b4da095aae6fb9a6df84fdaa96029a27e07714c670d18c2b8707453e515a3632383b6b03925b04b

60fdc33fa77029f4627c39558417b1bb492a02d8cd56571b3091aff2123ee5545c5717a6a7c0553c7c659864e947f28c65627f3d288c51ef6c9b6de3f5175417

PHP输出：

跑一：

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'a0d2c6b1bf7163f85738627ffbfd5bd343e9bdaf0b98f00f63f020abac398df426d01f1bdcd8a46771af881640a4210b536cc89b7cea91637d7db705e64144cc'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'a0d2c6b1bf7163f85738627ffbfd5bd343e9bdaf0b98f00f63f020abac398df426d01f1bdcd8a46771af881640a4210b536cc89b7cea91637d7db705e64144cc'</font> <i>(length=128)</i>
</pre>pre one: 15316153f3206618917cf7319747eda5871a7b8e942b54dba6f42e8bc491197450285504a37eb825e6aff04871fde52c49e029cf7e3a1d8cb9fe8a0422f4cd03

one

运行二：

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'2008dff1d727007691867904af3a96677ec81847ff943470a9596b184ffdb8b0de03e6fa68d9a6cb03170bff78d8d50f703bcec9120727b9eee5dbceeb1bc26e'</font> <i>(length=128)</i>
</pre>pre one: 5647f4d6165a42a17d1ac6a46f13dc11d4a3d8d4fcd7b16f88f0fecc659bd1a9ddd1cb79002a8b1ab9daf4da549dd2e516806cc4603dd20cbdde175bd5961049

one

运行三：

select user.salt, user.password from user where user.userid=:id1<pre class='xdebug-var-dump' dir='ltr'>
<b>array</b>
  'salt' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf'</font> <i>(length=128)</i>
  0 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf'</font> <i>(length=128)</i>
  'password' <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'3f9e5a9a6d387d411439d51744b3bb402c67cba64a36f47d82fe92d583ead1e26752aeeaf42bca12d8ef18a5423d2cab79c985f4fbfce1a6e53532453787419e'</font> <i>(length=128)</i>
  1 <font color='#888a85'>=&gt;</font> <small>string</small> <font color='#cc0000'>'3f9e5a9a6d387d411439d51744b3bb402c67cba64a36f47d82fe92d583ead1e26752aeeaf42bca12d8ef18a5423d2cab79c985f4fbfce1a6e53532453787419e'</font> <i>(length=128)</i>
</pre>pre one: 5df34898a394a3476ed96bc16b5b015a776c25912ba5b94427ff09e2331267ad100f7218e636eb50635a459ca5cfa00cee846db889a920c87cb25bddb47888bf

one

Answer 1

EDIT
好的，另一个题为“如何提出合理的问题”的答案。

如果您遇到了一个奇怪的行为并且要询问有关它的问题，则必须提供详细的调查报告。

没有必要告诉我们“我这样做了，我做到了”。您将要求美国 - 因此，向美国提供您拥有的相同数据。

张贴你的桌子结构
张贴表转储
通过三次尝试发布三个日志，并提供完整的调试信息：
查询
结果是“随机的”。

完整地复制/粘贴结果
Var_dump输出包含可变长度 - 当前结果中没有。

“返回”这个词暗示我有一些关于generateValueFromPasswordAndSalt的东西，这是一个奇怪的叫做函数....

为什么我从MySQL查询中接收（显然）随机结果？

1 个答案: