PHP SHA256 和 Salt 不起作用 [英] PHP SHA256 and Salt won't work
问题描述
我正在尝试创建使用 $salt 变量进行 sha256 散列的密码.但由于某种原因,它只是行不通.现在已经在这方面工作了 3 个小时,我快要掉下来了.这是我的代码:
I'm trying to create passwords that are sha256 hashed with a $salt variable to it. But for some reason it just won't work. Been working 3 hours on this now, and I'm about to rip my head off. Here is my code:
我会再试一次,对不起;o)
I'll try again, sorry ;o)
好的,我的脚本运行良好,直到我尝试将 sha256 添加到密码中.我有一个用于创建用户的文件:
Ok, my script worked fine, untill I tried to add the sha256 to the passwords. I got a file for creating users which is:
$salt = "lollol";
$password = hash('sha256', $salt.$_POST['password']);
$sql = ("INSERT INTO members (username, password, name, last_name,company)VALUES('$username', '$password', '$name', '$last_name', '$company')")or die(mysql_error());
if(mysql_query($sql))
echo "Your accuont has been created.";
它似乎已正确添加到数据库中.我可以看到它被一些字母和数字散列了.
It seems like it's correctly added to the Database. I can see that it is getting hashed with some letters and numbers.
但是当我尝试登录时,它不会.
But then when I'm trying to login, it just won't.
我的 login.php 代码是:
My code for login.php is:
$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
$salt = "lollol";
$auth_user = hash('sha256', $salt.$password);
if($password == $salt.$auth_user){
echo "Logged in";
} else {
echo "Not logged in";
}
我有这个想法,当我想登录时必须加密密码,但我不确定.我希望你们中的一些人可以帮助我.
I got the idea of that, I have to encrypt password when I want to log in, but im not sure. I hope that some of you can help me.
推荐答案
尝试登录时,您再次将散列与盐连接起来
When trying to login you concatenate the hash with the salt once more
$auth_user = hash('sha256', $salt.$password);
if($password == $salt.$auth_user){ // <-- $salt once more
echo "Logged in";
} else {
echo "Not logged in";
}
它应该可以工作,如果你只是删除它
It should work, if you just remove it
$auth_user = hash('sha256', $salt.$password);
if($password == $auth_user){
echo "Logged in";
} else {
echo "Not logged in";
}
更新:更进一步
这里
$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";
您尝试检索用户名与 $username
匹配且密码与 $password
匹配的行.在数据库中,密码已经散列(并且 $password
似乎根本没有定义),因此这个查询将永远返回任何行.
You try to retrieve the row, where the username matches $username
and the password matches $password
. In the database the passwords are already hashed (and $password
seems to be not defined at all), thus this query will never return any row.
$password = hash('sha256', $salt.$_POST['password']);
$username = mysql_real_escape_string($_POST['username']);
$sql= "SELECT * FROM members WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$result
现在应该包含与给定凭据匹配的 only 用户.现在很容易
$result
should now contain the only user that matches the given credentials. Its now very easy
if (mysql_num_rows($result) === 1) {
echo "Logged in";
} else {
echo "Not logged in";
}
这篇关于PHP SHA256 和 Salt 不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!