2014-10-11 82 views
-2

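Hashing user input on login

I'm not a PHP programmer, but I'm trying to work out how to read a hashed password when a user logs in to the website. I have saved the hashed password with the following PHP: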

    $pass = mysql_real_escape_string($_POST['pass']); 

    $key = $pass; 
    $string = $pass; 

    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key)))); 
    $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0"); 

    mysql_select_db("db", $con); 

    $sql="INSERT INTO members_tbl (email, pass, registration_date) 
    VALUES ('$email','$encrypted', now())"; 

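I don't know how to read what the user inputted and check whether it is the same as the decrypted variable, and if it is, sign them in. Here is what I tried: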

    //Sanitize the POST values 
    $signin_email = clean($_POST['signin_email']); 
    $signin_pass = clean($_POST['signin_pass']); 

    //Input Validations 
    if($signin_email == '') { 
      $errmsg_arr[] = 'Username missing'; 
      $errflag = true; 
    } 
    if($signin_pass == '') { 
      $errmsg_arr[] = 'Password missing'; 
      $errflag = true; 
    } 

    //If there are input validations, redirect back to the login form 
    if($errflag) { 
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr; 
      session_write_close(); 
      header("location: index.php"); 
      exit(); 
    } 

    $pass = $signin_pass; 

    $key = $pass; 
    $string = $pass; 

    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key)))); 
    $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0"); 

    //Create query 
    $qry = "SELECT * FROM members_tbl WHERE email='$signin_email' AND pass='$decrypted'"; 

    //do something 
+2

* COUGH * http://php.net/manual/en/ref.password.php * COUGH * – PeeHaa 2014-10-11 23:08:25

+0

See also Openwall's [PHPass](http://www.openwall.com/phpass/). It has been hardened against some attacks. – jww 2014-10-11 23:10:10

+0

What is this encrypting to justify the use of 'MCRYPT_RIJNDAEL_256'? That there is military-grade encryption. – 2014-10-11 23:10:29

Answers

-2

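Just compare the hashed password in the database with the hashed password you create when the user logs in; if they are the same, it's a match.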

+0

Just did that, great suggestion, thanks – conor909 2014-10-11 23:17:58

+0

$qry = "SELECT * FROM members_tbl WHERE email='$signin_email' AND pass='$decrypted'"; should be $qry = "SELECT * FROM members_tbl WHERE email='$signin_email' AND pass='$encrypted'"; – 2014-10-11 23:22:13
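
The password functions linked in the first comment (http://php.net/manual/en/ref.password.php) cover both registration and login; the following is an added example, not code from anyone in this thread. It assumes PHP 7 or later with the pdo_sqlite driver, and uses an in-memory SQLite table named after the question's `members_tbl` in place of the MySQL database, with constructed sample credentials.

```php
<?php
// Added example: constructed schema and sample credentials, not the asker's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members_tbl (
    email TEXT PRIMARY KEY,
    pass TEXT NOT NULL,            -- room for 255 characters is recommended
    registration_date TEXT)');

function register(PDO $db, string $email, string $password): void
{
    // password_hash() generates a random salt and stores it, together with
    // the algorithm and cost, inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare(
        "INSERT INTO members_tbl (email, pass, registration_date)
         VALUES (?, ?, datetime('now'))"
    );
    $stmt->execute([$email, $hash]); // bound parameters, no string interpolation
}

function login(PDO $db, string $email, string $password): bool
{
    // Look the row up by email only: a salted hash differs on every call,
    // so it cannot be matched in the WHERE clause.
    $stmt = $db->prepare('SELECT pass FROM members_tbl WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Re-hash transparently when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE members_tbl SET pass = ? WHERE email = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    }
    return true;
}

register($db, 'user@example.com', 'correct horse battery staple');
var_dump(login($db, 'user@example.com', 'correct horse battery staple'));
var_dump(login($db, 'user@example.com', 'wrong password'));
var_dump(login($db, 'nobody@example.com', 'anything'));
```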
