Php 比较散列字符串
我要用这个把头发拔出来。我正在MySQL数据库中存储一个散列salt密码和相关salt。这是一个登录脚本。存储数据工作正常,数据以CHAR(128)类型存储在数据库中 但是,当我无法将密码字符串与登录表单中的哈希登录密码成功匹配时。我已经将所有内容精简为basic,但它仍然不匹配,即使输出(echo或var_dump)看起来相同 以下是注册代码片段:Php 比较散列字符串,php,mysql,hash,Php,Mysql,Hash,我要用这个把头发拔出来。我正在MySQL数据库中存储一个散列salt密码和相关salt。这是一个登录脚本。存储数据工作正常,数据以CHAR(128)类型存储在数据库中 但是,当我无法将密码字符串与登录表单中的哈希登录密码成功匹配时。我已经将所有内容精简为basic,但它仍然不匹配,即使输出(echo或var_dump)看起来相同 以下是注册代码片段: $_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$salt = uniqid(mt_rand());
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$email=$_POST['email'];
$sql="INSERT INTO users (uName,uPass2,uEmail,uSalt,uID)
VALUES ('$username','$hashPass','$email', '$salt', 'time()')";
mysql_query($sql) or die('Error, insert query failed');
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$query = "SELECT uID, uPass2, uSalt, uName FROM users WHERE uName = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{ echo 'Wrong username and/or password!';
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$salt=$userData['uSalt'];
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$tempData=strcmp($hashpass, $userData['uPass2']);
if(hashPass != $userData['uPass2']){
echo "password not correct:<br/>";
echo "db: " . var_dump($userData['uPass2']) . "<br />";
echo "in: " . var_dump($hashPass) . "<br />;
echo $tempData . "<BR />";
}else{
echo "logged in";
}
对于
$hashPass$if(hashPass != $userData['uPass2']){
$userData['uPass2']hashPass'hashPass'error\u reportingE\u通知if(hashPass != $userData['uPass2']){