验证SHA512密码if($ row ['password'] == hash('SHA512',$ upass)) [英] Verify a SHA512 password if($row['password']==hash('SHA512', $upass))
问题描述
当用户在我的网站上创建帐户时,其密码将使用SHA512存储.我的问题是,当用户尝试使用其密码登录时,我认为我验证密码不正确,但是我看不到自己做错了什么.
When a user creates a account on my website then their password is stored using SHA512. My problem is when the user tries to login with their password, i believe i am verifying the password incorrectly however i cannot see what i have done wrong.
这是我的注册脚本,可以正常工作:
Here is my register script which works :
$uname = mysql_real_escape_string($_POST['uname']);
$sname = mysql_real_escape_string($_POST['sname']);
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$upass = hash('SHA512', $upass);
密码"Test"以以下方式存储在数据库中:
The password 'Test' is stored in the database as:
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f88
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f88
这是我的登录脚本:
if($row['password']==hash('SHA512', $upass))
{
$_SESSION['user'] = $row['user_id'];
header("Location: account.php");
如果有人可以编辑我的登录代码,以便它可以检索和验证SHA512字符串,那么将不胜感激.
If any body could please edit my login code so that it can retrieve and verify the SHA512 string then it would be greatly appreciated.
我不担心完全更改我的登录系统以使其更安全,这是一个非常简单的系统,仅用于存储用户对站点的首选项,请让我们厌倦使用SHA512.
I am not worried about totally changing my login system to make it more secure, it is a very simple system which is only used to store a users preferences for the site, please could we just sick to using SHA512.
推荐答案
这是PHP版本> = 5.6.0的hash_equals(),如果您使用的是较低版本,则可以使用下面的代码.
Here is the hash_equals() for php version >= 5.6.0 If you are using lower version then you can use code from below.
if(!function_exists('hash_equals')) {
function hash_equals($str1, $str2) {
if(strlen($str1) != strlen($str2)) {
return false;
} else {
$res = $str1 ^ $str2;
$ret = 0;
for($i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]);
return !$ret;
}
}
}
匹配哈希.
$expected = crypt('Test', '$2a$07$addsomecustomstring$');
$correct = crypt('Test', '$2a$07$addsomecustomstring$');
$wrong = crypt('tets', '$2a$07$addsomecustomstring$');
var_dump(hash_equals($expected, $correct)); //true
var_dump(hash_equals($expected, $wrong)); //false
这篇关于验证SHA512密码if($ row ['password'] == hash('SHA512',$ upass))的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!