我在注册时使用密码盐来哈希用户的密码,也使用登录相同的方法,但它总是显示我不正确的密码,请有人可以告诉我什么是错误。 如果我删除密码salt它将工作正常,但我需要确保密码。密码哈希在php注册和登录不工作
这里是我的注册码
<?php
include($root . 'database_connection.php');
if (isset($_POST['formsubmitted'])) {
$username = $_POST['username']; //else assign it a variable
$email = $_POST['email'];
$password = $_POST['password'];
$salt = "@g26jQsG&nh*v";
$passcode = sha1($password.$salt);
$name = $username;
$pass = $passcode;
$mail = $email;
$query_insert_user = "INSERT INTO `users` (`username`, `password`, `email`, `active`) VALUES ('$name', '$pass', '$mail', '$numbers')";
$result_insert_user = mysqli_query($db_conn, $query_insert_user);
if (!$result_insert_user) {
echo 'Query Failed ';
}
mysqli_close($db_conn); //Close the DB Connection
} // End of the main Submit conditional.
?>
登录页面
<?php
if ($_POST) {
$salt = "@g26jQsG&nh*v";
$password = sha1($_POST['password'].$salt);
$logdb = new PDO('mysql:host=localhost;dbname=userdb', 'root', 'pass');
$logdb->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $logdb->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
$stmt->bindParam(":username", $_POST['username']);
$stmt->bindParam(":password", $password);
$stmt->execute();
$atributes = $stmt->fetch(PDO::FETCH_OBJ);
if ($atributes) {
session_start();
$username = $atributes->username;
$_SESSION['username'] = $username;
$active = $atributes->active;
$email = $atributes->email;
if($active==0){
echo '<table><td width="50px" valign="top"><i class="fa fa-ban mail2"></i></td><td><div>Authentication Error! Your account is not verified please verify your email.<br/>
<small>Need more help? Please contact the systems administrator.</small></div></td></table>';}
else{
header("location: index.php");
}
} else {
header("location: login.php?else=0&n");
//incorrect
}
}
else {
header("location: login.php?false=1&n");
echo '<form name="login" action="" method="POST">
Username: <br />
<input type="text" name="username"/><br />
Password: <br />
<input type="password" name="password"/><br />
<button type="submit">Login</button>
<a href="signup.php">Register</a></form>';
}
$logdb=null;
?>
盐对于每个用户都需要是唯一的。此外,您的注册代码已广泛用于SQL注入。 – 1615903