Verify a SHA512 password if($row['password']==hash('SHA512', $upass))

Problem description

When a user creates an account on my website, their password is stored using SHA512. My problem is that when the user tries to log in with their password, I believe I am verifying the password incorrectly; however, I cannot see what I have done wrong.

Here is my register script, which works:

 $uname = mysql_real_escape_string($_POST['uname']);
 $sname = mysql_real_escape_string($_POST['sname']);
 $email = mysql_real_escape_string($_POST['email']);
 $upass = mysql_real_escape_string($_POST['pass']);

 $upass = hash('SHA512', $upass);

The password 'Test' is stored in the database as:

ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f88

Here is my login script:

if($row['password']==hash('SHA512', $upass))
 {
  $_SESSION['user'] = $row['user_id'];
  header("Location: account.php");
 }

If anybody could please edit my login code so that it can retrieve and verify the SHA512 string, then it would be greatly appreciated.

I am not worried about totally changing my login system to make it more secure; it is a very simple system which is only used to store a user's preferences for the site. Please could we just stick to using SHA512.

Recommended answer

Here is the hash_equals() for PHP version >= 5.6.0. If you are using a lower version, then you can use the code below.

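// Fallback for PHP versions that do not ship hash_equals()
if(!function_exists('hash_equals')) {
  function hash_equals($str1, $str2) {
    if(strlen($str1) != strlen($str2)) {
      return false;
    } else {
      // XOR the strings byte by byte; any differing byte leaves a non-zero value
      $res = $str1 ^ $str2;
      $ret = 0;
      // OR every byte together so the loop always covers the full length
      for($i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]);
      return !$ret;
    }
  }
}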

Matching hashes.

$expected  = crypt('Test', '$2a$07$addsomecustomstring$');
$correct   = crypt('Test', '$2a$07$addsomecustomstring$');
$wrong = crypt('tets',  '$2a$07$addsomecustomstring$');

var_dump(hash_equals($expected, $correct)); //true
var_dump(hash_equals($expected, $wrong)); //false
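
An added example, not part of the original answer: a login check that keeps plain SHA-512 as the question asks, compares with hash_equals(), and first rejects a stored value that is not a full 128-hex-character digest (the value quoted in the question is 50 characters long). The function name, status strings and sample rows are hypothetical, and the scalar type declarations assume PHP 7 or later.

```php
<?php
// Added example: verify_sha512_password() and the sample rows are hypothetical.

const SHA512_HEX_LEN = 128; // 64-byte digest, hex-encoded

/**
 * Returns 'ok', 'mismatch', or 'stored_hash_malformed'.
 */
function verify_sha512_password(string $storedHash, string $submitted): string
{
    $storedHash = strtolower(trim($storedHash));

    // A column narrower than 128 characters cannot hold the full digest,
    // so a value read back from it can never equal a freshly computed hash.
    if (strlen($storedHash) !== SHA512_HEX_LEN || !ctype_xdigit($storedHash)) {
        return 'stored_hash_malformed';
    }

    // Hash exactly the same bytes that the registration step hashed.
    $candidate = hash('sha512', $submitted);

    // hash_equals() compares in constant time and, unlike ==, never
    // interprets the two hex strings as numbers.
    return hash_equals($storedHash, $candidate) ? 'ok' : 'mismatch';
}

// Constructed sample rows; no database is involved.
$fullRow      = ['user_id' => 1, 'password' => hash('sha512', 'Test')];
$truncatedRow = ['user_id' => 2, 'password' => substr(hash('sha512', 'Test'), 0, 50)];

// Full digest with the right password, then with a wrong one.
var_dump(verify_sha512_password($fullRow['password'], 'Test'));
var_dump(verify_sha512_password($fullRow['password'], 'tets'));

// Digest cut to 50 characters, checked against the right password.
var_dump(verify_sha512_password($truncatedRow['password'], 'Test'));
```

Logging the 'stored_hash_malformed' case separately from an ordinary mismatch makes a schema problem visible instead of looking like a wrong password.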
