PHP: comparing a stored hashed password with the hashed input password
I am currently working on the login system for my website. I have two files; the first is sign_up.php:
// build a 22-character salt from the md5 of a uniqid()/rand() value
function createSalt(){
    $key = md5(uniqid(rand(), TRUE));
    return substr($key, 0, 22);
}

$salt = createSalt();
// stored value is sha256(salt . sha256(password)): a 64-character hex string
$hash = hash("sha256", $password);
$password = hash("sha256", $salt.$hash);
$userLevel = '1';

// insert the new user with bound parameters
$sql = "INSERT INTO users (username, email, password, salt, dob, userLevel)
        VALUES (?,?,?,?,?,?)";
if ($stmt = mysqli_prepare($conn, $sql)) {
    mysqli_stmt_bind_param($stmt, "sssssi", $username, $email, $password,
        $salt, $birthdate, $userLevel);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
and sign_in.php:
// read the submitted credentials
if (isset($_POST['username']))
    $username = sanitize($_POST['username']);
if (isset($_POST['password']))
    $password = sanitize($_POST['password']);

// look the user up with a bound parameter, as sign_up.php does for its INSERT
$sql = "SELECT *
        FROM users
        WHERE username = ?";
$queryresult = false;
if ($stmt = mysqli_prepare($conn, $sql)) {
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $queryresult = mysqli_stmt_get_result($stmt);
}
if (!$queryresult)
    echo "Unable to query table" . mysqli_error($conn);
else {
    // get the data from database
    while ($row = mysqli_fetch_array($queryresult)) {
        $salt = $row['salt']; // salt retrieved from the database
        $dbpassword = $row['password']; // password retrieved from the database
        $finalhash = hash("sha256", $password);
        $finalhash1 = hash("sha256", $salt.$finalhash);
        // check the password entered by the user against the database
        // (hash_equals is a constant-time, type-strict string comparison)
        if (hash_equals($dbpassword, $finalhash1)) {
            $_SESSION['username'] = $username;
            // note: this keeps the submitted password in the session
            $_SESSION['password'] = $password;
            echo "Hi $row[1], you are now logged in as $row[3]";
            die ("<p><a href=administrator_page.php>Click here to continue</a></p>");
        }
        else
            echo "<h2> Invalid username/password combination \n</h2>";
    }
}
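Can anyone help me? Thank you very much.

Comments:

What is the type/length of the password field in the table?

Check the type and size of the column that stores the hashed password in your database. How many characters can it hold? It seems to be truncating the password.

OMG sir. Yes, I had varchar(50) for the password column; I changed it to a higher value and now it works. Thanks.

Is the problem solved? I invite you to post your solution as an answer and mark your question as resolved :-)
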
f0b2dbf93305ce2eef8f5a1f45ab8b1046a7b9ba8ee2f305c3 --> stored password in MySQL
f0b2dbf93305ce2eef8f5a1f45ab8b1046a7b9ba8ee2f305c3f2fce10d5f199f --> inputted password from user
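
The truncation diagnosed in the comments, reproduced without a database, as an added example that is not part of the original question or its comments: `storeInColumn()` is a hypothetical stand-in for a VARCHAR(n) column on a MySQL server outside strict mode, and the sample password is constructed. It also runs the same check with PHP's `password_hash()`/`password_verify()`, which goes beyond the asker's SHA-256 scheme.

```php
<?php
// Added example (not the asker's code). storeInColumn() is a hypothetical
// stand-in for a VARCHAR(n) column on a MySQL server that is not in strict
// mode, where over-long values are cut to n characters with only a warning.
function storeInColumn(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// The scheme from the question: sha256(salt . sha256(password)).
function legacyHash(string $password, string $salt): string
{
    return hash("sha256", $salt . hash("sha256", $password));
}

// True when the login check succeeds against what the column actually kept.
function legacyLoginWorks(string $password, string $salt, int $width): bool
{
    $stored = storeInColumn(legacyHash($password, $salt), $width);
    return hash_equals($stored, legacyHash($password, $salt));
}

// Same check with PHP's built-in password API (the salt lives inside the hash).
function modernLoginWorks(string $password, int $width): bool
{
    $stored = storeInColumn(password_hash($password, PASSWORD_DEFAULT), $width);
    return password_verify($password, $stored);
}

$password = "correct horse battery staple";  // constructed sample input
$salt     = bin2hex(random_bytes(11));       // 22 hex characters from a CSPRNG

printf("sha256 hex length: %d\n", strlen(legacyHash($password, $salt)));
printf("VARCHAR(50), sha256 scheme: %s\n",
    legacyLoginWorks($password, $salt, 50) ? "match" : "no match");
printf("VARCHAR(64), sha256 scheme: %s\n",
    legacyLoginWorks($password, $salt, 64) ? "match" : "no match");
printf("password_hash length: %d\n",
    strlen(password_hash($password, PASSWORD_DEFAULT)));
printf("VARCHAR(50), password_hash: %s\n",
    modernLoginWorks($password, 50) ? "match" : "no match");
printf("VARCHAR(255), password_hash: %s\n",
    modernLoginWorks($password, 255) ? "match" : "no match");
```

The PHP manual recommends a 255-character column for `password_hash()` output, because the algorithm behind `PASSWORD_DEFAULT` can change over time.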