Fatal编程技术网
  • php/
  • Php 存储哈希密码与哈希输入密码的比较

Php 存储哈希密码与哈希输入密码的比较

php html

Php 存储哈希密码与哈希输入密码的比较,php,html,Php,Html,我目前正在为我的网站登录系统, 我有两个文件是 sign_up.php function createSalt(){ $key = md5(uniqid(rand(), TRUE)); return substr($key, 0, 22); } $salt = createSalt(); $hash = hash("sha256", $password); $password = hash("sha256", $sa

我目前正在为我的网站登录系统, 我有两个文件是

sign_up.php

function createSalt(){
        $key = md5(uniqid(rand(), TRUE));
        return substr($key, 0, 22);
}

    $salt      = createSalt();
    $hash      = hash("sha256", $password);
    $password  = hash("sha256", $salt.$hash);
    $userLevel = '1';

    $sql = "INSERT INTO users (username, email, password, salt, dob, userLevel)
            VALUES (?,?,?,?,?,?)";

        if ($stmt = mysqli_prepare($conn, $sql)) {
                    mysqli_stmt_bind_param($stmt, "sssssi", $username, $email, $password, 
                                           $salt, $birthdate, $userLevel);
                    mysqli_stmt_execute($stmt);
                    mysqli_stmt_close($stmt);
        }
和sign_in.php

if (isset($_POST['username']))
    $username  = sanitize($_POST['username']);
if (isset($_POST['password']))
    $password  = sanitize($_POST['password']);

$sql = "SELECT * 
                        FROM users
                        WHERE username = '$username'";

                $queryresult = mysqli_query($conn, $sql);


                if (!$queryresult) 
                      echo "Unable to query table". mysqli_error();
                else{
                      //get the data from database
                      while($row = mysqli_fetch_array($queryresult)) {
                            $salt       = $row['salt']; //salt retrieved from the database
                            $dbpassword = $row['password']; //password retrieved from the database
                            $finalhash  = hash("sha256", $password);
                            $finalhash1 = hash("sha256", $salt.$finalhash);

                            //check the password inputed by user to the database
                            if ($finalhash1 == $dbpassword){
                                    $_SESSION['username'] = $username;
                                    $_SESSION['password'] = $password;
                                    echo "Hi $row[1], you are now logged in as $row[3]";
                                    die ("<p><a href=administrator_page.php>Click here to continue</a></p>");
                             }

                             else
                                echo "<h2> Invalid username/password combination \n</h2>";
有人能帮我吗?非常感谢,谢谢

表中密码字段的类型/长度是多少?请检查数据库中存储哈希密码的列的类型和大小。它能容纳多少个字符?它似乎在截断密码OMG先生。对我把varchar50作为密码表,我把它改成了更高的值,现在它可以工作了。谢谢问题解决了吗?我邀请您发布您的解决方案作为答案,并将您的问题标记为已解决:- 
f0b2dbf93305ce2eef8f5a1f45ab8b1046a7b9ba8ee2f305c3 --> stored password in mySQL
f0b2dbf93305ce2eef8f5a1f45ab8b1046a7b9ba8ee2f305c3f2fce10d5f199f --> inputed password from user