比较 crypt 密码似乎不起作用
comparing crypt passwords doesn't seem to work
我在使用 crypt 比较密码时遇到问题,一个密码来自 post,另一个密码来自我的 database...
这是我的登录代码和示例盐:
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = crypt($password, $cryptSalt);
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if(crypt($password, $currentPassword) == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();
每当我输入正确的密码时,它仍然输出密码不正确,这是有原因的吗?
$username = $_POST['username'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$emailAddress = $_POST['emailAddress'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = $_POST['password'];
$password = crypt($password, $cryptSalt);
if($register = $con->prepare("INSERT INTO users(userName,userFirstName,userLastName,userEmailAddress,userPassword) VALUES(?,?,?,?,?)")) {
$register->bind_param("sssss", $username,$firstName,$lastName,$emailAddress,$password);
if($register->execute()) {
echo "<p class='alert'>Account Created</p>";
} else {
echo "<p class='alert'>Execution Error: Account Creation</p>";
};
};
$register->close();
注意:这是一个内部网站,sql注入不是问题。
看起来你哈希一次太多了(在第 4 行和第 10 行),但你想要做的是将输入的密码的哈希值与数据库中的哈希值进行比较。
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = crypt($password, $cryptSalt);
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if($password == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();
或
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if(crypt($password, $cryptSalt) == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();
我在使用 crypt 比较密码时遇到问题,一个密码来自 post,另一个密码来自我的 database...
这是我的登录代码和示例盐:
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = crypt($password, $cryptSalt);
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if(crypt($password, $currentPassword) == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();
每当我输入正确的密码时,它仍然输出密码不正确,这是有原因的吗?
$username = $_POST['username'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$emailAddress = $_POST['emailAddress'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = $_POST['password'];
$password = crypt($password, $cryptSalt);
if($register = $con->prepare("INSERT INTO users(userName,userFirstName,userLastName,userEmailAddress,userPassword) VALUES(?,?,?,?,?)")) {
$register->bind_param("sssss", $username,$firstName,$lastName,$emailAddress,$password);
if($register->execute()) {
echo "<p class='alert'>Account Created</p>";
} else {
echo "<p class='alert'>Execution Error: Account Creation</p>";
};
};
$register->close();
注意:这是一个内部网站,sql注入不是问题。
看起来你哈希一次太多了(在第 4 行和第 10 行),但你想要做的是将输入的密码的哈希值与数据库中的哈希值进行比较。
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
$password = crypt($password, $cryptSalt);
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if($password == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();
或
$username = $_POST['username'];
$password = $_POST['password'];
$cryptSalt = 'y$PizWslhw9Z9oM9QSPt9zY.g9faOSoUdNLO7RemQrWTMY.NOpr3oTG';
if($login = $con->prepare("SELECT userID,userName,userPassword FROM users WHERE userName=?")) {
$login->bind_param("s", $username);
if($login->execute()) {
$login->bind_result($userID,$username,$currentPassword);
while($login->fetch()) {
if(crypt($password, $cryptSalt) == $currentPassword) {
echo "<p class='alert'>Password Correct</p>";
} else {
echo "<p class='alert'>Password Incorrect</p>";
};
};
} else {
echo "<p class='alert'>User Not Found</p>";
};
};
$login->close();