Register.php哈希密码不会登录
$query = "
INSERT INTO users(
email,
pass,
salt
) VALUES (
:email,
:password,
:salt
)
";
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query_params = array(
':email' => $_POST['email'],
':password' => $password,
':salt' => $salt
);
的login.php
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['pass'])
{
// If they do, then we flip this to true
$login_ok = true;
}
}
密码/用户名是正确的那么想不通这是为什么不工作。在数据库中,哈希传递长度与我不确定的盐密码相同
为什么不使用内置函数'password_hash()'和'password_verify()'而不是滚动自己的? –
首先检查* salt *和* pass *列的长度是否足够大,以分别容纳salt和散列密码。然后执行'echo $ check_password;'来手动检查存储(散列)密码和登录(散列)密码是否相同。 –