Fatal编程技术网
  • php/
  • Php 使用SHA512哈希,但仍然无法读取密码。登录时仍然无效。为什么?

Php 使用SHA512哈希,但仍然无法读取密码。登录时仍然无效。为什么?

php mysql hash passwords

Php 使用SHA512哈希,但仍然无法读取密码。登录时仍然无效。为什么?,php,mysql,hash,passwords,Php,Mysql,Hash,Passwords,如何正确读取哈希密码?因为当我尝试登录时,它仍然显示无效密码。我不知道怎么了。我很难修好这个 这是我的login.php $con = mysql_connect("localhost","root",""); $db = @mysql_select_db("buybranded"); // Select the database to use mysql_select_db("buybranded",$con); if(! $con) { die('Connection Failed'

如何正确读取哈希密码?因为当我尝试登录时,它仍然显示无效密码。我不知道怎么了。我很难修好这个

这是我的login.php 
$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

$user=$_POST["email"];
$pass=$_POST["password"];

$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);



$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");

if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}

if($row["username"]==$user && $row["password"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>
这是我的checklogin.php

$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

$user=$_POST["email"];
$pass=$_POST["password"];

$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);



$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");

if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}

if($row["username"]==$user && $row["password"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

<?php


$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="buybranded"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 

$email=$_POST['email']; 
$password=$_POST['password']; 
$query=mysql_query("SELECT * FROM users where email = '$email'");
session_start();

    while($row = mysql_fetch_array($query)){
    $_SESSION["email"] = $row['email'];
    $_SESSION["password"] = $row['password'];
    $_SESSION["first_name"] = $row['first_name'];
    echo $_SESSION['first_name'];
    $_SESSION["middle_name"] = $row['middle_name'];
    $_SESSION["last_name"] = $row['last_name'];
    $_SESSION["gender"] = $row['gender'];
    $_SESSION["birth_date"] = $row['birth_date'];
    $_SESSION["home_address"] = $row['home_address'];
    $_SESSION["mobile_phone"] = $row['mobile_phone'];
    $_SESSION["home_phone"] = $row['home_phone'];
    $_SESSION["postal_code"] = $row['postal_code'];
    $_SESSION["city"] = $row['city'];
    $_SESSION["province"] = $row['province'];
}
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"


    while($row = mysql_fetch_array($result)){
        //remove this line ******header("location:customer_home.php");
        if($row['type'] == 'admin'){
            $_SESSION['isAdmin'] = true;
            header("location: admin.php");
        } else if($row['type'] == 'customer'){
            header("location: customer_home.php");
        }
    }
}

else {

header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil people manipulating the page, kill the script using die.

}

?>
必须使用变量$hashed=hash'sha512',$password;,发送sql查询;,而不是checklogin.php中的$password。

因为您使用的是SHA512,您是否检查了表的数据类型是否为CHAR 128?正如亚历山大所说。将其放在checklogin.php中

您缺少分隔密码的引号。请记住,像SHA-*这样的快速算法不适合散列密码,而应该使用像成本因素一样的慢速算法。我仍然得到相同的结果。密码无效。即使我输入正确。 
$con = mysql_connect("localhost","root","");
$db = @mysql_select_db("buybranded");
// Select the database to use
mysql_select_db("buybranded",$con);
if(! $con)
{
    die('Connection Failed'.mysql_error());
}

$user=$_POST["email"];
$pass=$_POST["password"];

$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);



$hashed = hash('sha512', $pass);
$result = mysql_query("SELECT * FROM users WHERE email = $user AND password= $hashed");

if (!$row = mysql_fetch_array($result))
{
die(mysql_error());
}

if($row["username"]==$user && $row["password"]==$pass)
    echo"You are a validated user.";
else
    echo"Sorry, your credentials are not valid, Please try again.";
?>

<?php


$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="buybranded"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 

$email=$_POST['email']; 
$password=$_POST['password']; 
$query=mysql_query("SELECT * FROM users where email = '$email'");
session_start();

    while($row = mysql_fetch_array($query)){
    $_SESSION["email"] = $row['email'];
    $_SESSION["password"] = $row['password'];
    $_SESSION["first_name"] = $row['first_name'];
    echo $_SESSION['first_name'];
    $_SESSION["middle_name"] = $row['middle_name'];
    $_SESSION["last_name"] = $row['last_name'];
    $_SESSION["gender"] = $row['gender'];
    $_SESSION["birth_date"] = $row['birth_date'];
    $_SESSION["home_address"] = $row['home_address'];
    $_SESSION["mobile_phone"] = $row['mobile_phone'];
    $_SESSION["home_phone"] = $row['home_phone'];
    $_SESSION["postal_code"] = $row['postal_code'];
    $_SESSION["city"] = $row['city'];
    $_SESSION["province"] = $row['province'];
}
// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"


    while($row = mysql_fetch_array($result)){
        //remove this line ******header("location:customer_home.php");
        if($row['type'] == 'admin'){
            $_SESSION['isAdmin'] = true;
            header("location: admin.php");
        } else if($row['type'] == 'customer'){
            header("location: customer_home.php");
        }
    }
}

else {

header('refresh: 0.1; url=sign-in.php');
$message = "Invalid Email or Password, Redirecting..";
die("<script type='text/javascript'>alert('$message');</script>"); // To prevent evil people manipulating the page, kill the script using die.

}

?>