密码在PHP登录系统永远不会奏效 [英] Password never works in PHP login system
问题描述
我想建立一个PHP会员区我的Web服务器,这哈希和盐渍的密码上。我注册了一个账号,并检查了数据库 - 如预期的那样创建用户 - 一切似乎罚款。现在的问题是,每当我试图登录它说的登录不正确(用户名或密码)。当然,这是在试验区正在做的,我注册的用户名和密码应该工作 - 但不
I am trying to set up a PHP members area on my web server, which has hashed and salted passwords. I registered an account and checked the database - the user is created as expected - everything seemed fine. The problem is whenever I try to log in it says the login is incorrect (username or password). Of course this is being done in a test area, and the user name and password I registered with should work - but doesn't.
auth.php:应认证用户,并创建一个会话,如果细节都有效
//登录永远不会奏效
auth.php: should authenticate the user and create a session if the details are valid //login never works
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if (strlen($username)<3 || strlen($password)<3) {
header('Location: log_in.php5?error=1');
die();
}
$username = mysql_real_escape_string($username);
function validateUser() {
session_regenerate_id ();
$_SESSION['valid'] = 1;
$_SESSION['userid'] = $username;
}
include "../db_login.php5";
mysql_select_db("DB_NAME", $con);
$query = "SELECT password, salt
FROM users
WHERE username = '" . $username . "';";
$result = mysql_query($query);
$userData = mysql_fetch_assoc($result);
$count = mysql_num_rows($userData);
if ($count < 1) {
header('Location: log_in.php5?error=1');
die();
}
$salt = "";
$hashed_pass = "";
for ($x=0; $x<1; $x++) {
$salt = $userData['salt'];
$hashed_pass = $userData['password'];
}
$hash = hash('sha256', $salt . hash('sha256', $password));
mysql_close($con);
if ($hash != $hashed_pass) {
header('Location: log_in.php5?error=1');
die();
} else {
validateUser();
}
header('Location: members.php5');
?>
register.php:应采取用户名,哈希值与盐密码,所有3个存储DB //作品
register.php: should take the username, hash the password with a salt, store all 3 to DB //works
<?php
//retrieve our data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
header('Location: sign_up.php5');
if(strlen($username) > 30)
header('Location: sign_up.php5');
$hash = hash('sha256', $pass1);
function createSalt(){
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
include "../db_register.php5";
mysql_select_db("DB_NAME", $con);
//sanitize username
$username = mysql_real_escape_string($username);
$query = "INSERT INTO users (username, password, salt)
VALUES ( '$username' , '$hash' , '$salt' );";
mysql_query($query);
mysql_close($con);
header('Location: log_in.php5');
?>
在的login.php 文件是一个简单的表格中的数据auth.php哪些职位;
在 sign_up.php 文件也是一个简单的表单的用户数据register.php哪些帖子。
The login.php file is a simple form which posts the data to auth.php; the sign_up.php file is also a simple form which posts the user data to register.php.
什么是错我的code,它不会让我登录?
编辑:
所以我已经将问题范围缩小下来,在$用户名变量,似乎从一开始就空白?
So I've narrowed the problem down so the $username variable which seems to be blank from the start?
输出:
Count:
User:
Query: SELECT * FROM `users` WHERE `username`='';
code输出:
code for output:
$query = "SELECT *
FROM `users`
WHERE `username`='".$username."';";
$result = mysql_query($query);
$userData = mysql_fetch_assoc($result);
$count = mysql_num_rows($userData);
if ($count < 1) {
echo "Count: ".$count."<BR/>"
. "User: " .$username ."<BR/>"
. "Query: " .$query;
//header('Location: log_in.php5?error=1,count='.$count.'user='.$username);
//die();
}
$计数和$用户名未在任何地址和SQL查询打印
$count and $username are not printed in either Address nor the sql query
编辑2:
*Jared* eventually found the problems which were two in number:
1) $username = mysql_real_escape_string($username); <-- required a db connection $con in my case
2) $count = mysql_num_rows($userData); <-- required to pass the $result instead.
谢谢大家!
推荐答案
用什么这部分内容?
for ($x=0; $x<1; $x++) {
$salt = $userData['salt'];
$hashed_pass = $userData['password'];
}
做的的var_dump $用户数据
。
修改
function validateUser($username) {
session_regenerate_id ();
$_SESSION['valid'] = 1;
$_SESSION['userid'] = $username;
}
和底部附近的:
if ($hash != $hashed_pass) {
header('Location: log_in.php5?error=1');
die();
} else {
validateUser($username);
}
这篇关于密码在PHP登录系统永远不会奏效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!