堆栈内存溢出
  简体   繁体   English

使用PDO预备语句的PHP crypt验证错误

[英]PHP crypt validation with PDO prepared statement Error

 原文  2014-02-06 23:59:52       php/ pdo/ crypt

问题描述

and sorry for the [duplicate] . [重复]感到抱歉。 i spent a day, not able to find a solution. 我花了一天时间,找不到解决方法。 I am having a problem with crypt (validation) , here is my code: 我的crypt (验证)有问题,这是我的代码: 

    function generateHash($password, $round=10){
          $salt=substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
          $salt=str_replace("+",".",$salt);
          $param='$'.implode('$',array(
               "2y",
                str_pad($round,2,"0",STR_PAD_LEFT),
                $salt
                )
          );
          return crypt($password,$param);
    }


//NOW I INSERT HASH TO DB
    $input = "abc";
    $hashed = generateHash($input);

    $createAccount=$db->prepare("INSERT INTO account ....
    ':secret'   => $hashed;
    .....));    // Until here, no problem, $hashed can be inserted correctely into my db (password, Varchar (64)

Now after registration, user likes to login, here is the problem. 现在注册后,用户喜欢登录,这就是问题所在。 First, i'm checking, to see, if i did well the function 首先,我正在检查,看我是否功能很好 

    $input = "abc";
    $forCheck = "abc";
    $hashedHash = generateHash($input);

    if (crypt($forCheck, $hashedHash) == $hashedHash) {
        echo "MATCH";
    }else {
        echo "NOT MATCH";
    }
    // OUTPUT: "MATCH"

The problem is here: 问题在这里: 

    $check=$db->prepare("SELECT id, password FROM account WHERE email = :email ");
    $check->execute(array(
        ':email' => $user
        )
    );
    if ($check->rowCount() <= 0) {
         echo "You are not registered";
    }else {
         $sRow=$check->fetchAll(PDO::FETCH_ASSOC);
         foreach ($sRow as $row) {
              $hashedHash = generateHash($row['password']);

              if (crypt($input, $hashedHash) == $hashedHash) {
                    echo "Passwords Matched";
              }else {
                    echo "Passwords did not match";
              }
          }
      }
      // OUTPUT: "Passwords did not match"

Any help please ? 有什么帮助吗?

1 个解决方案

解决方案1
 0  2014-02-07 00:28:13

The problem is here... 问题在这里... 

$hashedHash = generateHash($row['password']);

You aren't storing a plain text password so why would you pass the hash through generateHash again? 您没有存储纯文本密码,那么为什么又要通过generateHash传递哈希呢? Should simply be 应该只是 

if (crypt($input, $row['password']) == $row['password'])

I'd also take this opportunity to clean up your query logic. 我也将借此机会清理您的查询逻辑。 For one thing, PDOStatement::rowCount should not be relied upon. 一方面, PDOStatement::rowCount 应该依靠。 

$check = $db->prepare('SELECT id, password FROM account WHERE email = :email LIMIT 1');
$check->execute([':email' => $user]);
if ($row = $check->fetch(PDO::FETCH_ASSOC)) {
    if (crypt($input, $row['password']) == $row['password']) {
        echo 'Passwords Matched';
    } else {
        echo 'Password did not match';
    }
} else {
    echo 'You are not registered';
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP PDO准备语句中的错误 - Error in PHP PDO Prepared Statement PHP PDO准备语句参数导致错误 - PHP PDO Prepared Statement parameter causing error php pdo mssql准备好的语句 - php pdo mssql prepared statement PHP PDO准备好的语句没有执行 - PHP PDO prepared statement is not executing PHP PDO更新预备语句 - PHP PDO update prepared statement PHP PDO Basic编写的声明 - PHP PDO Basic prepared statement PDO准备好的语句错误1064 - PDO prepared statement Error 1064 PHP PDO Prepared 语句绑定 NULL 值 - PHP PDO Prepared statement bind NULL value PHP PDO MySQL count()预备语句 - PHP PDO MySQL count() prepared statement 在 PHP 中使用准备好的 PDO 语句 - 二进制数 - Using prepared PDO statement with PHP - binary numbers
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM