1. 首頁
  2. 問答
  3. 如何使用加密的(blowfish)密碼登錄到現有的用戶帳戶

如何使用加密的(blowfish)密碼登錄到現有的用戶帳戶

2015-08-13 106 views
2

我在youtube上關注瞭如何使用加密blowfish函數加密用戶密碼的教程。我已經將它正確地實施到了我的註冊腳本中,併成功註冊了一個帳戶並將加密的密碼發送到數據庫。我的問題是,在嘗試登錄用戶時檢索該加密密碼。當我嘗試登錄到現有用戶時,它回到最後一個聲明表明它不存在,這意味着哈希密碼不存在認可。如何使用加密的(blowfish)密碼登錄到現有的用戶帳戶

代碼加密密碼功能:

public function encryptPass($password, $rounds = 11) 
     { 
      $salt = ""; 
      // creates array of capital letters A-Z & lowercase as well as #'s 0-9 
      $saltChars = array_merge(range('A', 'Z'), range('a', 'z'), range(0,9)); 

      for($i = 0; $i < 22; $i++) 
      { 
       // randomize the array 
       $salt .= $saltChars[array_rand($saltChars)]; 
      } 

      return crypt($password, sprintf('$2y$%02d$', $rounds) . $salt); 

     }

代碼用於註冊的帳戶:

/// LOGIN ACCOUNT /// 
if(isset($_POST['login'])) 
{ 
    // 'convert' post variables to session variables 
    $_SESSION['username'] = $_POST['username']; 
    $_SESSION['password'] = $_POST['password']; 

    // clean em up, get rid of any white spaces or sql injection special chars 
    $username = mysql_real_escape_string(trim($_SESSION['username'])); 
    $password = mysql_real_escape_string($dbMan->encryptPass(trim($_SESSION['password']))); 

    echo "$password<br>\n"; 

    $user = $dbMan->Login($username, $password); 
    // if theres an acccount with that username/pw in the db 
    if ($user) 
    { 

     // login successful 
     header("location:index.php"); 
    } 
    else 
    { 
     // Registration Failed 
     echo "<script>alert(' The email or password do not match! ')</script>"; 
    } 
}

代碼dbManager:用於登錄

/// REGISTER ACCOUNT /// 
if(isset($_POST['register'])) 
{ 
    // clean up the fields 
    $username = mysql_real_escape_string(trim($_POST['username'])); 
    $emailid = mysql_real_escape_string(trim($_POST['emailid'])); 
    $password = mysql_real_escape_string(trim($_POST['password'])); 
    $confirmPassword = mysql_real_escape_string(trim($_POST['confirm_password'])); 
    if($password == $confirmPassword) 
    { 

     $iUe = $dbMan->ifUsernameExist($username); 
     $iEe = $dbMan->ifEmailExist($emailid); 

     // if username and email don't already exist, continue with registration 
     if(!$iUe && !$iEe) 
     { 

      // encrypt the users password 
      $hashedPassword = $dbMan->encryptPass($password); 
      echo "$password <br> \n"; 

      // register the account 
      $register = $dbMan->UserRegister($username, $emailid, $hashedPassword); 

      // if registration was succesful 
      if($register) 
      { 
       echo "<script>alert('Registration Successful')</script>"; 
      } 
      else 
      { 
       echo "<script>alert('Registration Not Successful')</script>"; 
      } 
     } 
     else 
     { 
      echo "<script>alert(' That email or username already exists! ')</script>"; 
     } 
    } 
    else 
    { 
     echo "<script>alert(' Passwords do not match! ')</script>"; 

    } 


}

代碼

<?php 

require_once 'dbConnect.php'; 
//session_start(); 


    class dbManager 
    { 
     function __construct() 
     { 
      // connecting to database 
      $db = new dbConnect(); 

     } 
     // destructor 
     function __destruct() 
     { 

     } 

     public function UserRegister($username, $emailid, $password) 
     { 
      $query = mysql_query("INSERT INTO users(username, emailid, password) values('".$username."','".$emailid."','".$password."')") or die(mysql_error()); 
      return $query; 

     } 

     public function Login($username, $password) 
     { 
      $query = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'"); 
      $user_data = mysql_fetch_array($query); 
      //print_r($user_data); 
      $num_rows = mysql_num_rows($query); 

      if ($num_rows == 1) 
      { 

       $_SESSION['login'] = true; 
       $_SESSION['uid'] = $user_data['id']; 
       $_SESSION['username'] = $user_data['username']; 
       $_SESSION['emailid'] = $user_data['emailid']; 

       return TRUE; 
      } 
      else 
      { 
       return FALSE; 
      } 


     } 


     // check if username exists in db 
     public function ifUsernameExist($username) 
     { 
      $qr = mysql_query("SELECT * FROM users WHERE username = '".$username."'"); 
      echo $row = mysql_num_rows($qr); 
      if($row > 0) 
      { 
       return TRUE; 
      } 
      else 
      { 
       return FALSE; 
      } 
     } 

     // check if email exists in db 
     public function ifEmailExist($emailid) 
     { 
      $qr = mysql_query("SELECT * FROM users WHERE emailid = '".$emailid."'"); 
      echo $row = mysql_num_rows($qr); 
      if($row > 0) 
      { 
       return TRUE;  
      } 
      else 
      { 
       return FALSE; 
      } 
     } 

     // encrypt password 
     public function encryptPass($password, $rounds = 11) 
     { 
      $salt = ""; 
      // creates array of capital letters A-Z & lowercase as well as #'s 0-9 
      $saltChars = array_merge(range('A', 'Z'), range('a', 'z'), range(0,9)); 

      for($i = 0; $i < 22; $i++) 
      { 
       // randomize the array 
       $salt .= $saltChars[array_rand($saltChars)]; 
      } 

      return crypt($password, sprintf('$2y$%02d$', $rounds) . $salt); 

     } 

    } 
?>

注意:登錄和註冊'方法'都在同一個php文件中,包括表單標記。加密函數位於名爲dbManager的不同文件中。

希望我能提供足夠的信息讓別人指點我正確的方向。任何幫助表示讚賞!

謝謝,開發。

來源

2015-08-13 devon t

+0

你可以顯示'$ dbman-> Login()' – Victory

+0

的代碼哦,是的,現在就可以做到這一點。我的錯。 –

+0

我想你忘記了當你登錄時,用戶輸入的密碼沒有加密,所以你需要加密他們輸入的內容,然後當你比較重新輸入的密碼和你可以看到的數據庫密碼時如果他們匹配。如果你不用加密輸入密碼的方式,他們將永遠不會匹配 – RiggsFolly

回答

1

您需要傳遞明文密碼進行加密才能在數據庫中進行比較。

變化

$password = trim(mysql_real_escape_string($_SESSION['password'])); 


$password = $dbMan->encryptPass(trim(mysql_real_escape_string($_SESSION['password'])));

在您的登錄操作。

理想情況下,你會在INSERTSELECTmysql_real_escape_string雙方之前運行$dbMan->encryptPass

$password = mysql_real_escape_string($dbMan->encryptPass(trim($_SESSION['password'])));

鹽必須是加密相同和解密,看到你正在使用的array_rand鹽是每個傳遞不同。你必須把鹽存放在別的地方。如果您移除鹽或將其設置爲常量,現在就可以使用。

來源

2015-08-13 23:02:15 Victory

+0

更改這些行後,我仍然無法登錄。它仍然表示它是錯誤的密碼。 –

+0

這可能是您調用'$ dbMan-> encryptPass()'的兩次中的一次,您傳遞的是不同的明文密碼。嘗試將「echo」$ password
\ n「;'作爲'$ dbMan-> encryptPass($ password)'的第一行進行調試。 – Victory

+0

因此,在添加該行後,它會生成與db中不同的加密密碼。 –

相關問題

 相關問題