2010-08-24 70 views
-1

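I'm having a hard time figuring out why my user password hashing isn't working. Password salting - never matches!

I do this the normal way: on registration I create a random salt, combine it with the password and store it, but when I try to match the password at login, it fails :(

The method: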
<?php
class Model_users extends ModelType_DatabasePDO
{

    //...

    public function CheckCredentials($username, $password)
    {
        $statement = $this->prepare('SELECT user_id,user_salt,user_password FROM users WHERE user_username = :u');
        $statement->bindValue(':u', $username);

        if ($statement->execute())
        {
            $user_data = $statement->fetch(PDO::FETCH_OBJ);

            //fetch() returns false when no row matches the username
            if ($user_data === false)
            {
                return false;
            }

            //Create a new hash with salt
            $combined = $this->CombineHash($password, $user_data->user_salt);

            //Check the combination is correct! (strict comparison, so two hex strings are never compared as numbers)
            if ($combined === $user_data->user_password)
            {
                return true;
            }

            var_dump($user_data->user_salt, $combined);
            return false;
        }
        return false;
    }

    //...

    public function AddUser($userdata)
    {
        if ($userdata['username'] && $userdata['password'] && $userdata['email'] && $userdata['nickname'])
        {
            $statement = $this->prepare('INSERT INTO users (user_username,user_password,user_salt,user_email,user_nickname) VALUES (:username,:password,:salt,:email,:nickname)');

            //Generate hashes
            $salt = $this->GenerateSalt();
            $password = $this->CombineHash($userdate['password'],$salt);

            //Generate Data block for insert
            $data = array(
                ':username' => $userdata['username'],
                ':password' => $password,
                ':salt' => $salt,
                ':email' => $userdata['email'],
                ':nickname' => $userdata['nickname']
            );

            if ($statement->execute($data))
            {
                return true;
            }
        }
        return false;
    }

    private function GenerateSalt()
    {
        //Create a random md5 string:
        $first = md5(rand(0,100) . time() . microtime() . uniqid());
        $second = md5(rand(0,100) . time() . microtime() . uniqid());

        //Start the buffer once, outside the loop, so characters accumulate
        $string = '';

        //md5() returns 32 characters, indexes 0-31
        for ($i = 0; $i < 32; $i++)
        {
            if ($i % 2)
            {
                $string .= $first[$i];
            }
            else
            {
                $string .= $second[$i];
            }
        }
        return md5($string);
    }

    private function CombineHash($password, $hash)
    {
        return md5($password . $hash);
    }
}
?>

All variables passed into the methods are raw, not salted or encrypted, only validated :/

Regards

Answers

8

Your code seems to have a typo

 
$password = $this->CombineHash($userdate['password'],$salt); 

$userdate needs to be $userdata (the e needs to be an a).

+0

It's always those little things... nice one. – bradenkeith 2010-08-24 19:04:46

+0

That's why I like compiled languages – Andrey 2010-08-24 19:08:43

+0

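Yeah, e and a look a lot alike. It's working now; it's hard to concentrate on personal projects after coming back from a 9-5 computer job, haha. Thanks again. – RobertPitt 2010-08-24 19:09:35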
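An added example, not code from the question or the answer: it shows how to make the misspelled-variable bug above fail loudly instead of silently storing a hash of an empty password, and how PHP's built-in password_hash() / password_verify() replace the hand-rolled salt and md5() routines. The function names hashForStorage and checkPassword and the sample data are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; hashForStorage() and checkPassword() are hypothetical names.

// Turn every notice/warning (including "Undefined variable") into an
// exception, so a misspelled variable aborts registration instead of
// silently hashing an empty password.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Produces the single value to store in the password column.
function hashForStorage(array $userdata): string
{
    if (!isset($userdata['password']) || $userdata['password'] === '') {
        throw new InvalidArgumentException('password is required');
    }
    // password_hash() generates a random salt and embeds it in the result,
    // so no separate salt column or salt-generation routine is needed.
    return password_hash($userdata['password'], PASSWORD_DEFAULT);
}

function checkPassword(string $candidate, string $storedHash): bool
{
    // The salt and cost are read back from $storedHash; the comparison
    // is done in constant time.
    return password_verify($candidate, $storedHash);
}

// Constructed sample input.
$userdata = ['username' => 'alice', 'password' => 'correct horse battery staple'];
$stored = hashForStorage($userdata);

var_dump(checkPassword('correct horse battery staple', $stored));
var_dump(checkPassword('wrong guess', $stored));

// The typo from the question, reproduced: with the handler installed above
// it raises an ErrorException instead of passing NULL on to md5().
try {
    $broken = md5($userdate['password'] . 'constructed-salt');
} catch (ErrorException $e) {
    echo 'caught: ', $e->getMessage(), PHP_EOL;
}
```

password_hash() requires PHP 5.5 or later; on a development machine, error_reporting(E_ALL) with display_errors enabled surfaces the same undefined-variable message without a custom handler.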