如何解决php salt认证
| 感谢您对我对php / mysql的无知的诚实批评,也感谢您在此问题上的帮助。 进行以下建议的更正后,我遇到了注册的问题sha1(md5($password).$salt)
sha1(md5($password).$row[\'salt\']);
$query = \"UPDATE `users` SET `form_password` = \'$encrypted\' WHERE `username` = \'$username\'\";
mysql_query($query) or die (mysql_error());
else {
$password = $_POST[\'password\'];
$username = mysql_real_escape_string($_POST[\'username\']);
$sql = \"SELECT `password`,`salt` FROM `users` WHERE `username` = \'$username\' LIMIT 0,1\";
$result = mysql_query($sql) or die(mysql_error());
if (is_resource($result) && mysql_num_rows($result) > 0){
$row = mysql_fetch_array($result);
$encrypted = sha1(md5($password).$row[\'salt\']);
if($encrypted === $row[\'password\']){
header(\'Location: page3.php\');
exit;
} else{
$query = \"UPDATE `users` SET `form_password` = \'$encrypted\' WHERE `username` = \'$username\'\";
mysql_query($query) or die (mysql_error());
header(\'Location: page2.php\');
exit;
}
} else{
header(\'Location: page4.php\');
exit;
}
}
解决方法
a)您的密码字段在数据库中有多大? SHA1散列的长度为40个字符,因此,如果您的字段大小小于该值,则哈希密码将被截断。
b)在您的
$sql = ...
or die()
$sql = \"...\"
$result = mysql_query($sql) or die(...);
mysql_num_rows($result)
SELECT \'salt\' FROM table WHERE ....
SELECT `salt` ....
SELECT salt ....
<?php
function generateSalt(){
// Declare $salt
$salt = \'\';
// And create it with random chars
for ($i = 0; $i < 2; $i++){
$salt .= chr(rand(48,57)) . chr(rand(65,90)) . chr(rand(97,122));
}
return $salt;
}
$salt = generateSalt();
$encrypted = sha1(md5($password).$salt);
$query = \"INSERT INTO `users`(`password`,`salt`) VALUES \'$encrypted\',\'$salt\')\";
?>
<?php
function salt() {
// Declare $salt
$salt = \'\';
// And create it with random chars
for ($i = 0; $i < 2; $i++){
$salt .= chr(rand(48,122));
}
return $salt;
}
$password = $_POST[\'password\'];
$username = mysql_real_escape_string($_POST[\'username\']);
$sql = \"SELECT `password`,`salt` FROM `users` WHERE `username` = \'$username\' LIMIT 0,1\";
$result = mysql_query($sql) or die(\'Could not access user.\');
if(is_resource($result) && mysql_num_rows($result) > 0){
$row = mysql_fetch_array($result);
$encrypted = sha1(md5($password).$row[\'salt\']);
if($encrypted === $row[\'password\']){
header(\'Location: page3.php\');
exit;
} else{
header(\'Location: page2.php\');
exit;
}
} else{
header(\'Location: page2.php\');
exit;
}
?>
$salt=\'secretword\';// that do not change
$encrypted=sha1($password.$salt);
INSERT INTO users (username,password) VALUES($username,$encrypted);
//get $username and $password from user input
$encrypted=sha1($password.$salt);
SELECT * FROM users WHERE username=\'$username\' and password=\'$encrypded\' LIMIT 1
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。