源码

首页 » 归档 » 源码 » php – 如何从数据库和auth用户收回盐渍密…

php – 如何从数据库和auth用户收回盐渍密…


这是我第一次使用salted密码实现成员站点的试验,这些密码都存储在DB(MySQL)中.除了“登录会员”页面中的错误外,一切正常.

错误:
会员登录页面接受会员网站的任何条目,并且由于某种原因通过我的支票$result === false

这是检查成员是否存在的代码,请让我知道问题所在:

$servername = 'localhost';
$username = 'root';
$pwd = '';
$dbname = 'lp001';

$connect = new mysqli($servername,$username,$pwd,$dbname);

if ($connect->connect_error){
    die('connection failed, reason: '.$connect->connect_error);
}


$name = mysqli_real_escape_string($connect, $_POST['name']);
$password = mysqli_real_escape_string($connect, $_POST['password']);
$saltQuery = "SELECT salt FROM users WHERE name = '$name';";
$result = mysqli_query($connect, $saltQuery);
if ($result === false){
    die(mysqli_error());
}
$row = mysqli_fetch_assoc($result);
$salt = $row['salt'];

$saltedPW = $password.$salt;
$hashedPW = hash('sha256', $saltedPW);
$sqlQuery = "SELECT * FROM users WHERE name = '$name' AND password = '$hashedPW'";

if (mysqli_query($connect, $sqlQuery)){
    echo '

Welcome to the member site '.$name.'

'; }else{ echo 'error adding the query: '.$sql_q.'
Reason: '.mysqli_error($connect); }
(0)

本文由 投稿者 创作,文章地址:https://blog.isoyu.com/archives/php-ruhecongshujukuheauthyonghushouhuiyanzimi.html
采用知识共享署名4.0 国际许可协议进行许可。除注明转载/出处外,均为本站原创或翻译,转载前请务必署名。最后编辑时间为:9月 18, 2019 at 07:26 下午

热评文章