盐在数据库中存储错误。!
salts stored wrong in database.!
我的测试函数:
<?php
include_once("core/init.php");
$admin = new Admin();
$name = "akhil";
$password = "daydreamers";
$salt = Hash::salt(24);
$hash = Hash::make($password,$salt);
/*echo $hash;
echo "<br/>";*/
$admin->newAdmin($name,$hash,$salt);
$dsalt = $admin->getSalt($name);
if($salt != $dsalt){
echo "Wrong";
}
/*echo Hash::make($password,$dsalt);
echo "<br/>";
//$admin->verify($name,$password);
echo $admin->getPassword($name);*/
?>
哈希 class :
<?php
class Hash{
public static function make($string,$salt=''){
return hash('sha256', $string . $salt);
}
public static function salt($length){
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
}
?>
database structure
我存储的盐和从数据库中检索的盐不匹配。我浏览了其他似乎建议增加列大小但不起作用的帖子。
由于您使用的是密码,我建议切换到 password_hash() 函数,而忘记上面的不安全实现。 password_hash() 函数会处理盐,您不需要单独存储它,只需将散列存储在单个 varchar(255) 字段中即可。
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
我的测试函数:
<?php
include_once("core/init.php");
$admin = new Admin();
$name = "akhil";
$password = "daydreamers";
$salt = Hash::salt(24);
$hash = Hash::make($password,$salt);
/*echo $hash;
echo "<br/>";*/
$admin->newAdmin($name,$hash,$salt);
$dsalt = $admin->getSalt($name);
if($salt != $dsalt){
echo "Wrong";
}
/*echo Hash::make($password,$dsalt);
echo "<br/>";
//$admin->verify($name,$password);
echo $admin->getPassword($name);*/
?>
哈希 class :
<?php
class Hash{
public static function make($string,$salt=''){
return hash('sha256', $string . $salt);
}
public static function salt($length){
return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
}
}
?>
database structure
我存储的盐和从数据库中检索的盐不匹配。我浏览了其他似乎建议增加列大小但不起作用的帖子。
由于您使用的是密码,我建议切换到 password_hash() 函数,而忘记上面的不安全实现。 password_hash() 函数会处理盐,您不需要单独存储它,只需将散列存储在单个 varchar(255) 字段中即可。
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);