1
以下教程:http://www.gregboggs.com/php-blowfish-random-salted-passwords/我一直在嘗試在我的註冊表單中對密碼實施加密。目前我運行的代碼沒有任何錯誤,但沒有數據被添加到數據庫。我知道SQL語句是正確的,因爲它在我開始實現加密功能之前正在工作。密碼加密有問題,沒有錯誤?
這是我到目前爲止有:
<?php
CRYPT_BLOWFISH or die ('No Blowfish found.');
include_once "config.php";
include_once "lib\password.php";
//This string tells crypt to use blowfish for 5 rounds.
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
if($_POST["username"] && $_POST["email"] && $_POST["password1"] && $_POST["password2"]) {
if($_POST["password1"] = $_POST["password2"]) {
$password1 = mysql_real_escape_string ($_POST["password1"]);
// Blowfish accepts these characters for salts.
$Allowed_Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./';
$Chars_Len = 63;
// 18 would be secure as well.
$Salt_Length = 21;
$salt = "";
//$mysql_date = date('Y-m-d');
for($i=0; $i<$Salt_Length; $i++)
{
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$hashed_password = crypt($password1, $bcrypt_salt);
/* create a prepared statement */
$stmt = mysqli_prepare($link, "INSERT INTO `users` (`username`, `email`, `password`, `salt`) VALUES (?, ?, ?, ?)");
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ssss", $_POST["username"], $_POST["email"], $hashed_password, $salt);
/* execute query */
mysqli_stmt_execute($stmt);
/* close statement */
mysqli_stmt_close($stmt);
print "<h1>You have registered sucessfully!</h1>";
print "<a href='main_login.html'>Log in</a>";
}
else print "Your passwords do not match, try again!";
}
else print "Please fill out the entire form!";
/* close connection */
mysqli_close($link);
?>
PHP版本注: 作爲WAMP服務器只目前支持php5.4.12本身,我使用這個兼容庫:https://github.com/ircmaxell/password_compat。
BUMP:我已經過了一段時間了,我仍然無法找到數據未插入的原因。我再次測試了SQL語句。我回應了$ password1,$ bcrypt_salt,$ hashed_password整個代碼,以確保它們正常工作,並且這些變量都包含正確的信息。有任何想法嗎?
'if($ _ POST [「password1」] = $ _POST [「password2」])'不應該這樣'if($ _ POST [「password1」] === $ _POST [「password2」])'? 第一個將永遠爲真 – peaceman
嗨,我知道這一點。這一定是我的疏忽,謝謝,因爲發現了這個! – Corey
您是否在語句準備之前檢查了$ bcrypt_salt和$ hashed_password的值?那些'mysqli_ *'函數的結果值是什麼?似乎只是一個基本的調試任務。 – peaceman