2013-05-19 144 views
-2

I have a registration form that lets the user enter a password. I hash the password with crypt, but at login the password does not match.

In the registration form it works: the password is hashed and stored in the database. But when it comes to logging in, the password does not match and the system does not log the user in.

Can anyone help me? In register.php:

hashing the password

    //crypt password
    require_once('include/blowfish.php');

    $bcrypt = new Bcrypt(4);
    $hash = $bcrypt->hash($pass1);
    echo $hash;

    //************Insert all the members' input into the database**************************//
    $query = mysql_query("INSERT INTO members(user_name, first_name, last_name,
        governorate, district, village, birth_date, email_address, specialization,
        password, registered_date)
        VALUES('$username', '$firstname', '$lastname', '$governorate', '$district',
        '$village', '$bdate', '$email', '$specialization', '$hash', now())")
        or die(mysql_error());

In login.php:

    $sql = mysql_query("SELECT user_id, email_address, first_name, user_name
        FROM members
        WHERE email_address='$email' AND password='$pass'
        LIMIT 1") or die("error in members table");
    $login_check = mysql_num_rows($sql);

    if($login_check > 0)
    {
        $row = mysql_fetch_array($sql);
        $row_pass = $row['password'];
        //***********for hashing password***************************//
        require_once('include/blowfish.php');
        $bcrypt = new Bcrypt(4);
        if($bcrypt->verify($pass, $row_pass))
        {
            $id = $row['user_id'];
            $_SESSION['user_id'] = $id;

            $firstname = $row['first_name'];
            $_SESSION['first_name'] = $firstname;

            $email = $row['email_address'];
            $_SESSION['email_address'] = $email;

            $username = $row['user_name'];
            $_SESSION['user_name'] = $username;

            mysql_query("UPDATE members SET last_log_date=now()
                WHERE user_id='$id'");

            //$message = "correct email and passworddd!!";
            header("Location: profile.php");
            // exit();
        }//close if
    }//close if
    else
    {
        $message = "incorrect Email or Password!!";
        //exit();
    }
+0

Don't ask the same question multiple times. – Gumbo

+0

You already got answers, try to understand and apply them! – deceze

+0

@deceze the problem is that I thought it was correct, but it isn't, and I don't know how to fix it, so I came to ask the question in order to learn and understand – user2398286

Answer

0

It doesn't work because in the first snippet you hash the password and save $hash into members.password.

In the second snippet you check against the real password from the input. You need to modify it to hash it first:

    $bcrypt = new Bcrypt(4);
    $hash = $bcrypt->hash($pass);

    $query = sprintf("SELECT user_id, email_address, first_name, user_name
        FROM members
        WHERE email_address='%s' AND password='%s'",
        mysql_real_escape_string($email),
        mysql_real_escape_string($hash));

    $sql = mysql_query($query) or die("error in members table");

    $login_check = mysql_num_rows($sql);

    if($login_check > 0)
    {
        ...

Also, your code is vulnerable to SQL injection and uses the deprecated mysql_* functions.

+0

So the code becomes like this: **require_once('include/blowfish.php'); $bcrypt = new Bcrypt(4); $hash = $bcrypt->hash($pass); $query = sprintf("SELECT user_id, email_address, first_name, user_name FROM members WHERE email_address='%s' AND password='%s'", mysql_real_escape_string($email), mysql_real_escape_string($hash)); $sql = mysql_query($query) or die("error in members table"); $login_check = mysql_num_rows($sql); if($login_check > 0) { $row = mysql_fetch_array($sql); $row_pass = $row['password']; if($bcrypt->verify($hash, $row['password'])) {** – user2398286

+0

But this generates another hash, which is not the same hash – user2398286
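The last comment is the crux: bcrypt draws a fresh random salt on every call, so hashing the submitted password again and comparing the result in the WHERE clause can never match the stored value. The example below is added here and is not the asker's or the answerer's code. It assumes PHP's built-in password_hash()/password_verify() (PHP 5.5+) in place of the page's include/blowfish.php Bcrypt class, whose internals are not shown, and an in-memory SQLite table through PDO (pdo_sqlite extension) in place of the MySQL members table. It shows both halves of the fix: the login query selects the row by e-mail only and includes the password column, and the verify function compares the submitted password against the stored hash in PHP; bound parameters replace string interpolation so the e-mail value is data, not SQL.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: password_hash()/password_verify() stand in for the page's
// Bcrypt class; an in-memory SQLite table stands in for the MySQL `members` table.
declare(strict_types=1);

const BCRYPT_COST = 4; // same cost the page's `new Bcrypt(4)` suggests; use 10+ in production

// Two bcrypt hashes of one password differ (fresh salt each time), yet
// password_verify() accepts both because it re-uses the salt stored in the hash.
function hashesDifferButBothVerify(string $password): bool
{
    $a = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $b = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return $a !== $b && password_verify($password, $a) && password_verify($password, $b);
}

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        user_id       INTEGER PRIMARY KEY AUTOINCREMENT,
        email_address TEXT UNIQUE NOT NULL,
        first_name    TEXT NOT NULL,
        user_name     TEXT NOT NULL,
        password      TEXT NOT NULL,
        last_log_date TEXT)');
    return $db;
}

// register.php equivalent: store only the hash, never the cleartext.
function registerMember(PDO $db, string $email, string $firstName, string $userName, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $stmt = $db->prepare('INSERT INTO members (email_address, first_name, user_name, password)
                          VALUES (:email, :first, :user, :hash)');
    $stmt->execute([':email' => $email, ':first' => $firstName, ':user' => $userName, ':hash' => $hash]);
}

// login.php equivalent: fetch the row by e-mail only, then verify in PHP.
// The password column must be in the SELECT list; the page's query omitted it,
// which is why $row['password'] was undefined there.
function login(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT user_id, email_address, first_name, user_name, password
                          FROM members WHERE email_address = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // one failure result for unknown e-mail and wrong password alike
    }
    $upd = $db->prepare("UPDATE members SET last_log_date = datetime('now') WHERE user_id = :id");
    $upd->execute([':id' => $row['user_id']]);
    unset($row['password']); // the hash has no business in $_SESSION
    return $row;             // caller copies user_id, first_name, etc. into the session
}

// Constructed sample data for a stand-alone run.
$db = openDb();
registerMember($db, 'alice@example.com', 'Alice', 'alice', 'correct horse battery staple');

var_dump(hashesDifferButBothVerify('correct horse battery staple'));
var_dump(login($db, 'alice@example.com', 'correct horse battery staple'));
var_dump(login($db, 'alice@example.com', 'wrong password'));
var_dump(login($db, "alice@example.com' OR '1'='1", 'anything')); // bound value, no injection
```

The first var_dump is the point of the final comment made concrete: hashing the same password twice yields two different strings, so a hash computed at login time is useless as a WHERE condition. Keeping the comparison in password_verify() is what makes the stored hash usable, and it also means the login query needs no escaping of the hash at all, only a bound e-mail parameter.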