无法登录我的安全登录脚本PHP和MySQL [英] Can't Login into my Secure Login Script PHP and MySQL
问题描述
我最近开始学习PHP,并正在尝试按照本指南 sha512.js来自此处pajhome.org. uk/crypt/md5/sha512 .html,
以及上述WikiHow中的表格. 如果我使用相同的连接插入MySQL并可以正常工作,则连接不是问题. 感谢您对我的问题的关注,如果我没有提供足够的信息,请提出建议. 删除了许多代码,因为@SeanWM评论了我不应该期望没有人通过所有代码. @Robert Rozas谢谢您的帮助.密码确实不匹配.
输出为: 登录功能错误1 c2d872cb4c6a1b3c22ce35fb9dc0dfca14aa6d48与c2d872cb4c6a1b3c22ce35fb9dc0dfca14aa6d48cc2e8c3dcf02c87a3ddbb
请查看密码的构造方式: 从注册表格到.js: 然后通过php: ,然后插入MySQL.如果可以的话,请再次向我指出正确的方向. 感谢@Second Rikudo的输入,它在删除了双重哈希之后可以正常工作 但是,根据第二次Rikudo的评论,"sha512不安全"
和@tadman该教程非常不完整,并使用了危险的不良做法"
我决定使用 https://github.com/ircmaxell/password_compat 修改代码
根据第二个Rikudo的建议. 如果我记错了,请纠正我,但是您在注册时对密码进行了两次哈希处理(一次使用JavaScript,一次使用PHP),但是登录时,您只能使用PHP哈希一次. 作为旁注, sha512是不安全.升级到PHP5.5以使用 如果无法升级,请参见 ircmaxell的库,以实现与这些功能的前向兼容性 (他实际上是将 I've recently started to learn PHP, and was trying to create a secure Login following this guide http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL. Everything seems to work fine for me apart from the login(). Which I tweaked a bit.
I put some echos to try to pin point the error, it returns an error on the password compare IF: The function returns : Login function error 1 The function login located in includes/functions.php : The sha512.js is from here pajhome.org. uk/crypt/md5/sha512 .html,
and the form from the above mentioned WikiHow. The connection isn't a problem has i use the same connection to insert into MySQL and it works. Thanks for the attention given to my problem and if i didn't disclose enough info please advice. EDIT: deleted a lot of code, as @SeanWM commented i shouldn't expect no one to go through all the code. @Robert Rozas Thank you for the help. the passwords are indeed mismatching.
The output is: Login function error 1 c2d872cb4c6a1b3c22ce35fb9dc0dfca14aa6d48 vs c2d872cb4c6a1b3c22ce35fb9dc0dfca14aa6d48cc2e8c3dcf02c87a3dfb7e3fec2a098b932c11655960e43bb89af058220ff8d75c666fe57ef7206b74d5f9af Please have a look at how the password is constructed: It goes from the register form to .js: and then through php: and then inserted into MySQL. If you could please point me again in the correct direction i would appreciate. EDIT 2: Thanks to the input from @Second Rikudo it worked after removing the double hashing But in light of the comments from Second Rikudo "sha512 is not secure"
and @tadman "That tutorial is worryingly incomplete and uses hazardously bad practices"
I've decided to revise the code utilizing https://github.com/ircmaxell/password_compat
as advised by Second Rikudo. Please correct me if I am mistaken, but you are hashing the password twice upon registering (once with JavaScript, and once with PHP), but when you login, you only hash once (with PHP). As a sidenote, sha512 is not secure. Upgrade yourself to PHP5.5 to make use of If you cannot upgrade, see ircmaxell's library for forward compatibility with those functions (He is practically the one who added 这篇关于无法登录我的安全登录脚本PHP和MySQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! // Add the new element to our form.
form.appendChild(p);
p.name = "p";
p.type = "hidden";
p.value = hex_sha512(password.value);
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
password_hash() 和其他密码功能.password_*()添加到PHP中的人,因此他的库很好). $password = hash('sha512', $password . $salt);
if ($db_password == $password) {
echo "Password is correct!";
// Add the new element to our form.
form.appendChild(p);
p.name = "p";
p.type = "hidden";
p.value = hex_sha512(password.value);
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
password_hash() and other password functions.password_*() into PHP, so his library is good).
