-1
我很難搞清楚爲什麼用戶密碼哈希不起作用。密碼醃製 - 永不匹配!
我這樣做是正常的方法,其中在註冊時我創建一個randam鹽,用密碼和存儲結合起來,但是當我嘗試匹配的登錄密碼,他們未能:(
方式<?php
class Model_users extends ModelType_DatabasePDO
{
//...
public function CheckCredentials($username,$password)
{
$statement = $this->prepare('SELECT user_id,user_salt,user_password FROM users WHERE user_username = :u');
$statement->bindValue(':u',$username);
if($statement->execute())
{
$user_data = $statement->fetch(PDO::FETCH_OBJ);
//Create a new hash with salt
$combined = $this->CombineHash($password,$user_data->user_salt);
//Check the combination is correct!
if($combined == $user_data->user_password)
{
return true;
}
var_dump($user_data->user_salt,$combined);
return false;
}
return false;
}
//...
public function AddUser($userdata)
{
if($userdata['username'] && $userdata['password'] && $userdata['email'] && $userdata['nickname'])
{
$statement = $this->prepare('INSERT INTO users (user_username,user_password,user_salt,user_email,user_nickname) VALUES (:username,:password,:salt,:email,:nickname)');
//Generate hashes
$salt = $this->GenerateSalt();
$password = $this->CombineHash($userdate['password'],$salt);
//Generate Data block for insert
$data = array(
':username' => $userdata['username'],
':password' => $password,
':salt' => $salt,
':email' => $userdata['email'],
':nickname' => $userdata['nickname']
);
if($statement->execute($data))
{
return true;
}
}
return false;
}
private function GenerateSalt()
{
//Create a random md5 string:
$first = md5(rand(0,100) . time() . microtime() . uniqid());
$second = md5(rand(0,100) . time() . microtime() . uniqid());
for($i=0;$i<=32;$i++)
{
$string = '';
if($i % 2)
{
$string .= $first[$i];
}else
{
$string .= $second[$i];
}
}
return md5($string);
}
private function CombineHash($password,$hash)
{
return md5($password . $hash);
}
}
?>
傳遞到方法的所有變量都生不鹽醃或加密,但僅僅是驗證:/
問候
它總是那些小東西...好的。 – bradenkeith 2010-08-24 19:04:46
這就是爲什麼我喜歡編譯語言 – Andrey 2010-08-24 19:08:43
是啊和一個,有很多相似之處,現在它的工作,在9-5電腦工作後回到個人項目難以集中哈哈,再次感謝。 – RobertPitt 2010-08-24 19:09:35