PHP strcmp 没有正确比较

Question

我有一个用 php 编写的简单登录脚本，当我 运行 它应该比较彼此的 2 个密码哈希值。这是我使用的代码；

$UUID = $_POST['UUID'];
$pass = $_POST['pass'];

// finds the same user where the uuid is the same as the one given in the post request
$query  = "SELECT * FROM users WHERE UUID = '$UUID'";
$result = mysql_query($query) or die(mysql_error());

//gets the info
while($row = mysql_fetch_assoc($result)) {
    $Password = $row['UUIDPass']; // gets the hashed password from the server
    $salt = $row['salt']; // gets the salt from the server
}

// hashes the given password with the salt from the MYSQL server
$passcheck = hash("sha256", $pass . $salt);

// checks if the hashed password above is the same as the hash in the server
if (strcmp($Password, $passcheck))
{
    echo "Correct!";
}
else
{
    echo "Something went wrong!";
}

所以我在这里做的是，我正在比较用户给定的密码和服务器中的密码。怎么了？

Answer 1

给你举个例子

<?php

    if(strcmp("Hello","Hello"))
    {
      echo "Match";
    }
    else
    {
       echo "No Match";
    }
?>

说 No Match 因为你的检查不正确，因为 return 成功的值是 0，你必须使用

if(strcmp("Hello","Hello")==0)

也可以从手册本身来确认

strcmp

Returns < 0 if str1 is less than str2; > 0 if str1 is greater than str2, and 0 if they are equal.

Answer 2

确保您使用相同的哈希进行加密。
您还必须在每个阶段使用回声。 strcmp() 函数在 php.

中运行良好