Php 使用SHA512哈希,但仍然无法读取密码。登录时仍然无效。为什么?
如何正确读取哈希密码?因为当我尝试登录时,它仍然显示无效密码。我不知道怎么了。我很难修好这个 这是我的login.phpPhp 使用SHA512哈希,但仍然无法读取密码。登录时仍然无效。为什么?,php,mysql,hash,passwords,Php,Mysql,Hash,Passwords,如何正确读取哈希密码?因为当我尝试登录时,它仍然显示无效密码。我不知道怎么了。我很难修好这个 这是我的login.php $con = mysql_connect("localhost","root",""); $db = @mysql_select_db("buybranded"); // Select the database to use mysql_select_db("buybranded",$con); if(! $con) { die('Connection Failed'
$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
die('Connection Failed'.mysql_error());
}
$user=$_POST["email"];
$pass=$_POST["password"];
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");
if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}
if($row["username"]==$user && $row["password"]==$pass)
echo"You are a validated user.";
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
这是我的checklogin.php
$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
die('Connection Failed'.mysql_error());
}
$user=$_POST["email"];
$pass=$_POST["password"];
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");
if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}
if($row["username"]==$user && $row["password"]==$pass)
echo"You are a validated user.";
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="buybranded"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$email=$_POST['email'];
$password=$_POST['password'];
$query=mysql_query("SELECT * FROM users where email = '$email'");
session_start();
while($row = mysql_fetch_array($query)){
$_SESSION["email"] = $row['email'];
$_SESSION["password"] = $row['password'];
$_SESSION["first_name"] = $row['first_name'];
echo $_SESSION['first_name'];
$_SESSION["middle_name"] = $row['middle_name'];
$_SESSION["last_name"] = $row['last_name'];
$_SESSION["gender"] = $row['gender'];
$_SESSION["birth_date"] = $row['birth_date'];
$_SESSION["home_address"] = $row['home_address'];
$_SESSION["mobile_phone"] = $row['mobile_phone'];
$_SESSION["home_phone"] = $row['home_phone'];
$_SESSION["postal_code"] = $row['postal_code'];
$_SESSION["city"] = $row['city'];
$_SESSION["province"] = $row['province'];
}
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
while($row = mysql_fetch_array($result)){
//remove this line ******header("location:customer_home.php");
if($row['type'] == 'admin'){
$_SESSION['isAdmin'] = true;
header("location: admin.php");
} else if($row['type'] == 'customer'){
header("location: customer_home.php");
}
}
}
else {
header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil people manipulating the page, kill the script using die.
}
?>
必须使用变量$hashed=hash'sha512',$password;,发送sql查询;,而不是checklogin.php中的$password。因为您使用的是SHA512,您是否检查了表的数据类型是否为CHAR 128?正如亚历山大所说。将其放在checklogin.php中您缺少分隔密码的引号。请记住,像SHA-*这样的快速算法不适合散列密码,而应该使用像成本因素一样的慢速算法。我仍然得到相同的结果。密码无效。即使我输入正确。
$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
die('Connection Failed'.mysql_error());
}
$user=$_POST["email"];
$pass=$_POST["password"];
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");
if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}
if($row["username"]==$user && $row["password"]==$pass)
echo"You are a validated user.";
else
echo"Sorry, your credentials are not valid, Please try again.";
?>
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="buybranded"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$email=$_POST['email'];
$password=$_POST['password'];
$query=mysql_query("SELECT * FROM users where email = '$email'");
session_start();
while($row = mysql_fetch_array($query)){
$_SESSION["email"] = $row['email'];
$_SESSION["password"] = $row['password'];
$_SESSION["first_name"] = $row['first_name'];
echo $_SESSION['first_name'];
$_SESSION["middle_name"] = $row['middle_name'];
$_SESSION["last_name"] = $row['last_name'];
$_SESSION["gender"] = $row['gender'];
$_SESSION["birth_date"] = $row['birth_date'];
$_SESSION["home_address"] = $row['home_address'];
$_SESSION["mobile_phone"] = $row['mobile_phone'];
$_SESSION["home_phone"] = $row['home_phone'];
$_SESSION["postal_code"] = $row['postal_code'];
$_SESSION["city"] = $row['city'];
$_SESSION["province"] = $row['province'];
}
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
while($row = mysql_fetch_array($result)){
//remove this line ******header("location:customer_home.php");
if($row['type'] == 'admin'){
$_SESSION['isAdmin'] = true;
header("location: admin.php");
} else if($row['type'] == 'customer'){
header("location: customer_home.php");
}
}
}
else {
header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil people manipulating the page, kill the script using die.
}
?>