使用PHPass来哈希密码麻烦 [英] Using PHPass to hash password trouble
问题描述
这里是代码
ob_start();
$ userName = $ password =;
$ userNameErr = $ passwordErr = $ loginErr =;
$ hasher = new PasswordHash(8,false);
if(isset($ _ POST ['subEmployee'])){
if(empty($ _ POST ['user_name'])){
$ userNameErr =用户名是必须的;
} else {
$ userName = check_input($ _ POST ['user_name']);
if(!preg_match(/ ^ [0-9_a-zA-Z] * $ /,$ userName)){
$ userNameErr =只允许使用字母,数字和'_'
$ b $ if(empty($ _ POST ['password'])){
$ passwordErr =需要密码;
} else {
$ password = check_input($ _ POST ['password']);
}
$ active = 1;
$ loginUser = $ db-> prepare(SELECT password FROM users WHERE user_name =?AND activity =?);
$ loginUser-> bind_param('si',$ userName,$ active);
if($ loginUser-> execute()){
$ results = $ loginUser-> get_result();
if($ results-> num_rows == 1){
$ row = $ results-> fetch_object();
$ stored_hash =*;
$ stored_hash = $ row->密码;
$ check = $ hasher-> CheckPassword($ password,$ stored_hash);
if($ check){
$ _SESSION ['name'] = $ row-> first_name;
$ _SESSION ['userId'] = $ row-> id;
$ _SESSION ['user'] = 1;
print_r($ _ SESSION);
header(Location:?pid = 4);
} elseif(!empty($ _ POST ['user_name'])&!empty($ _ POST ['password'])){
$ loginErr =''无效登录信息';
}
}
}
}
远远它总是给出相同的消息无效的登录信息我已经做出了这样的存储我的密码的注册表单。
$ hasher = new PasswordHash(8,false);
$ hash = md5(rand(0,1000));
if(empty($ _ POST ['password'])){
$ error ['passwordErr'] =需要密码;
} elseif(strlen($ _ POST ['password'])< 8){
$ error ['passwordErr'] =< span class ='notAllowed'>最后选择密码八个字符< / span>;
} elseif(strlen($ _ POST ['password'])> 72){
$ error ['passwordErr'] =< span class ='notAllowed'>密码最多72个字符< /跨度>中;
} elseif($ _POST ['password']!== $ _POST ['confirm']){
$ error ['passwordErr'] =密码不匹配;
} else {
$ password = $ hasher-> HashPassword($ password);
}
当我检查我的数据库时,密码似乎被散列给我,而用户名是那里和一切都很好
但仍然收到此消息作为'无效登录信息'。
这两个行是正确的
$ loginUser = $ db-> prepare(SELECT password FROM users WHERE user_name =?AND activity =? );
$ loginUser-> bind_param('si',$ userName,$ active);
登录代码确定。
我也尝试了这一点
更新 在手册中加入PHPass 仍然没有运气可以有人告诉我哪里错在这里 编辑
我更新了我的代码
<$ p ($ set)($ _ POST ['subEmployee'])){
$ error = array(); $ p>
$ hash_cost_log2 = 8;
$ hash_portable = FALSE;
$ hasher = new PasswordHash($ hash_cost_log2,$ hash_portable);
if(empty($ _ POST ['user_name'])){
$ userNameErr =用户名是必需的;
} else {
$ userName = check_input($ _ POST ['user_name']);
if(!preg_match(/ ^ [0-9_a-zA-Z] * $ /,$ userName)){
$ userNameErr =只允许使用字母,数字和'_'
$ b $ if(empty($ _ POST ['password'])){
$ passwordErr =需要密码;
} else {
$ password = $ _POST ['password'];
}
$ active = 1;
$ loginUser = $ db-> prepare(SELECT password FROM hired_person_info WHERE user_name =?AND activity =?);
$ loginUser-> bind_param('si',$ userName,$ active);
if($ loginUser-> execute()){
$ results = $ loginUser-> get_result();
if($ results-> num_rows == 1){
$ row = $ results-> fetch_object();
$ stored_hash =*;
$ stored_hash = $ row->密码;
$ check = $ hasher-> CheckPassword($ password,$ stored_hash);
if($ check){
$ _SESSION ['name'] = $ row-> first_name;
$ _SESSION ['userId'] = $ row-> id;
$ _SESSION ['user'] = 1;
print_r($ _ SESSION);
header(Location:?pid = 4);
} elseif(!empty($ _ POST ['user_name'])&!empty($ _ POST ['password'])){
$ loginErr =''无效登录信息';
}
} else {
$ loginErr =''我们没有找到任何用户';
$ b
$ hash_cost_log2 = 8;
$ hash_portable = FALSE;
$ hasher = new PasswordHash($ hash_cost_log2,$ hash_portable);
这是我的 check_input()代码
函数check_input($ data){
$ data = trim($ data);
$ data = stripslashes($ data);
$ data = htmlspecialchars($ data);
返回$ data;
}
并且我使用PHP 5.3.29
谢谢
该库需要PHP> = 5.3.7或者具有$ 2y修复backported到它(如RedHat提供)。
I am using PHPASS to store password encrypted and compare when login.
here is the code
ob_start();
$userName = $password = "";
$userNameErr = $passwordErr = $loginErr = "";
$hasher = new PasswordHash(8, false);
if (isset($_POST['subEmployee'])) {
if (empty($_POST['user_name'])) {
$userNameErr = "User name is required";
} else {
$userName = check_input($_POST['user_name']);
if (!preg_match("/^[0-9_a-zA-Z]*$/", $userName)) {
$userNameErr = "Only letters, numbers and '_' allowed";
}
}
if (empty($_POST['password'])) {
$passwordErr = "Password is required";
}else{
$password = check_input($_POST['password']);
}
$active = 1;
$loginUser = $db->prepare("SELECT password FROM users WHERE user_name=? AND activity=?");
$loginUser->bind_param('si', $userName, $active);
if ($loginUser->execute()) {
$results = $loginUser->get_result();
if ($results->num_rows == 1) {
$row = $results->fetch_object();
$stored_hash = "*";
$stored_hash = $row->password;
$check = $hasher->CheckPassword($password, $stored_hash);
if ($check) {
$_SESSION['name'] = $row->first_name;
$_SESSION['userId'] = $row->id;
$_SESSION['user'] = 1;
print_r($_SESSION);
header("Location:?pid=4");
} elseif (!empty($_POST['user_name']) && !empty($_POST['password'])) {
$loginErr = "'Invalid Login Information'";
}
}
}
}
so far it always give the same message 'Invalid Login Information' I have made the registration form that store my password like this.
$hasher = new PasswordHash(8, false);
$hash = md5(rand(0, 1000));
if (empty($_POST['password'])) {
$error ['passwordErr'] = "Password is required";
} elseif (strlen($_POST['password']) < 8) {
$error ['passwordErr'] = "<span class='notAllowed'>Chose password with at last eight characters</span>";
} elseif (strlen($_POST['password']) > 72) {
$error ['passwordErr'] = "<span class='notAllowed'>Password max 72 characters</span>";
} elseif ($_POST['password'] !== $_POST['confirm']) {
$error ['passwordErr'] = "Password don't matching";
} else {
$password = $hasher->HashPassword($password);
}
when I checked my database the password seems hashed to me and the user name is there and everything is alright
but still getting this message as 'Invalid Login Information'.
does this two lines is right
$loginUser = $db->prepare("SELECT password FROM users WHERE user_name=? AND activity=?");
$loginUser->bind_param('si', $userName, $active);
does the login code OK.
I try this too
Update I updated my code
if (isset($_POST['subEmployee'])) {
$error=array();
$hash_cost_log2 = 8;
$hash_portable = FALSE;
$hasher = new PasswordHash($hash_cost_log2, $hash_portable);
if (empty($_POST['user_name'])) {
$userNameErr = "User name is required";
} else {
$userName = check_input($_POST['user_name']);
if (!preg_match("/^[0-9_a-zA-Z]*$/", $userName)) {
$userNameErr = "Only letters, numbers and '_' allowed";
}
}
if (empty($_POST['password'])) {
$passwordErr = "Password is required";
} else {
$password = $_POST['password'];
}
$active = 1;
$loginUser = $db->prepare("SELECT password FROM hired_person_info WHERE user_name=? AND activity=?");
$loginUser->bind_param('si', $userName, $active);
if ($loginUser->execute()) {
$results = $loginUser->get_result();
if ($results->num_rows == 1) {
$row = $results->fetch_object();
$stored_hash = "*";
$stored_hash = $row->password;
$check = $hasher->CheckPassword($password, $stored_hash);
if ($check) {
$_SESSION['name'] = $row->first_name;
$_SESSION['userId'] = $row->id;
$_SESSION['user'] = 1;
print_r($_SESSION);
header("Location:?pid=4");
} elseif (!empty($_POST['user_name']) && !empty($_POST['password'])) {
$loginErr = "'Invalid Login Information'";
}
} else {
$loginErr = "'We didn't find any users'";
}
}
}
add this from the manual of PHPass
$hash_cost_log2 = 8;
$hash_portable = FALSE;
$hasher = new PasswordHash($hash_cost_log2, $hash_portable);
still no luck can somebody tell me where am mistaking here
Edit
this is my check_input() code
function check_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
and I am using PHP 5.3.29
Thanks
This library requires PHP >= 5.3.7 OR a version that has the $2y fix backported into it (such as RedHat provides).
这篇关于使用PHPass来哈希密码麻烦的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
