Php 如何用随机盐散列密码?
这是我用随机盐散列密码的代码。但不幸的是,它不想工作,它给出了一个错误的密码 脚本的第一部分,用户对其凭证进行编码Php 如何用随机盐散列密码?,php,Php,这是我用随机盐散列密码的代码。但不幸的是,它不想工作,它给出了一个错误的密码 脚本的第一部分,用户对其凭证进行编码 <?php echo "enter the username \n"; $username = trim(fgets(STDIN)); echo "enter the password\n"; $password = trim(fgets(STDIN)); //connecting to database $con=mysqli_connect("lo
<?php
echo "enter the username \n";
$username = trim(fgets(STDIN));
echo "enter the password\n";
$password = trim(fgets(STDIN));
//connecting to database
$con=mysqli_connect("localhost","sqldata","sqldata","accounts");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$salt = time();
$hashedPassword = sha1($password . $salt);
echo "$hashedPassword";
mysqli_query($con,"INSERT INTO login (username, salt, password)
VALUES ('$username', '$hashedPassword','$salt')");
mysqli_close($con)
?>
<?php
echo "enter the username \n";
$username = trim(fgets(STDIN));
echo "enter the password\n";
$password = trim(fgets(STDIN));
//connecting to database
$db = mysql_connect("localhost","sqldata","sqldata") or die(mysql_error());
//selecting our database
$db_select = mysql_select_db("accounts", $db) or die(mysql_error());
$result= mysql_query("select * from login where username = '$username' ");
if ( !$result ) exit("$userName wasn't found in the database!");
$row = mysql_fetch_array($result);
$storedPassword = $row['password'];
$salt = $row['salt'];
$hashedPassword = sha1($password . $salt);
if ( $storedPassword != $hashedPassword ) {
exit( 'incorrect password!' );
} else {
echo "ok";
}
?>
您将盐存储在
密码列中,反之亦然
mysqli_query($con,"INSERT INTO login (username, salt, password)
VALUES ('$username', '$hashedPassword','$salt')");
将此更改为:
mysqli_query($con,"INSERT INTO login (username, password, salt)
VALUES ('$username', '$hashedPassword','$salt')");