我并不是一个PHP程序员,但我试图解决如何在用户登录网站时读取散列密码。我已经用下面的PHP保存的哈希密码:登录散列用户输入
$pass = mysql_real_escape_string($_POST['pass']);
$key = $pass;
$string = $pass;
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
mysql_select_db("db", $con);
$sql="INSERT INTO members_tbl (email, pass, registration_date)
VALUES ('$email','$encrypted', now())";
我不知道如何读什么用户inputed并请检查是否它一样解密的变量,如果真正标志他们这里。我尝试:
//Sanitize the POST values
$signin_email = clean($_POST['signin_email']);
$signin_pass = clean($_POST['signin_pass']);
//Input Validations
if($signin_email == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($signin_pass == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();
}
$pass = $signin_pass;
$key = $pass;
$string = $pass;
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
//Create query
$qry = "SELECT * FROM members_tbl WHERE email='$signin_email' AND pass='$decrypted'";
//do something
* COUGH * http://php.net/manual/en/ref.password.php * COUGH * – PeeHaa 2014-10-11 23:08:25
另请参阅Openwall的[PHPass](http://www.openwall.com/phpass/)。它因为一些攻击而变得僵硬。 – jww 2014-10-11 23:10:10
这是什么加密来证明使用'MCRYPT_RIJNDAEL_256'?那里是军事级的加密。 – 2014-10-11 23:10:29