PHP-使用sha1哈希密码的登录功能,无法使其正常工作
[英]PHP - login-function using sha1 hashed password, can't get it to work
问题描述
for a college project I need to create a simple registration and login function. 
对于一个大学项目,我需要创建一个简单的注册和登录功能。 We are required to hash the password using sha1 (I know its not secure), and add a specific salt at the start of the password. 我们需要使用sha1(我知道它不安全)对密码进行哈希处理,并在密码开头添加特定的字符。 Data is being stored in a mySQL database. 数据存储在mySQL数据库中。 The registration.php seems to be working out, but I'm having trouble comparing the password from the html form to the password stored in the database. registration.php似乎正在运行,但是我无法将html表单中的密码与数据库中存储的密码进行比较。 Been googling for a day now, but I am only finding login-functions using the password_verify() function, which doesn't seem to work with sha1. 现在已经搜索了一天,但是我只能使用password_verify()函数找到登录功能,该功能似乎不适用于sha1。 Apologies if the solution or obvious, VERY new to php. 道歉,如果解决方案或明显的,非常新的PHP。
Didn't include my connection-part of the code, it's working as intended. 没有包括我的连接部分的代码,它按预期工作。 no matter what I input in the fields in the html-form, I get the "invalid username or password" output no matter what. 无论我在html表单的字段中输入什么,无论如何我都会得到“无效的用户名或密码”输出。
$formUsername = mysqli_real_escape_string($connect, $_REQUEST['username']);
$formPassword = mysqli_real_escape_string($connect, $_REQUEST['password']);
$sql = "SELECT passord FROM bruker WHERE brukerNavn = '$formUsername';";
$passwordFraDatabase = mysqli_query($connect, $sql);
$row = mysqli_fetch_assoc($passwordFraDatabase);
$passordSomString = $row['passord'];
$salt = 'IT2_2018';
$passwordFraForm = sha1($salt . $formPassword);
if ($passwordFraForm == $passordSomString) {
echo("Logged in");
}
else echo("invalid username or password");
Edit: To those saying I shouldn't use sha1, read the entire question, I specifically said I was required to use sha1, its a college project. 编辑:对于那些说我不应该使用sha1的人,请阅读整个问题,我特别说过我必须使用sha1,这是一个大学项目。 Since someone asked, this is how the password is registered in the first place: 既然有人问过了,那么这就是首先注册密码的方式:
$email = mysqli_real_escape_string($connect, $_REQUEST['email']);
$username = mysqli_real_escape_string($connect, $_REQUEST['username']);
$password = mysqli_real_escape_string($connect, $_REQUEST['password']);
$salt = 'IT2_2018';
$securepassword = sha1($salt . $password);
$sql = "INSERT INTO bruker (ePost, brukerNavn, passord) VALUES ('$email', '$username', '$securepassword')";
if(mysqli_query($connect, $sql)){
echo "user registered!";
} else{
echo "could not register user " . mysqli_error($connect);
}
1 个解决方案
解决方案1
0 2017-11-02 16:55:05
In Php default compare function (strcmp) and (==) operator both can compare maximum of 32bit character string. 在Php中,默认比较功能(strcmp)和(==)运算符都可以比较最多32位字符串。 So more than 32bit character string must be compared using (strncmp) function. 因此,必须使用(strncmp)函数比较32位以上的字符串。
In your case as you using sha1 which producing 160bit string thats why it is not working. 在您的情况下,使用sha1会产生160bit的字符串,这就是为什么它不起作用的原因。 So use strncmp(str1,str2,maximum_length_want_to_compare); 因此使用strncmp(str1,str2,maximum_length_want_to_compare);
In your case it will be 在你的情况下
if (strncmp($passwordFraForm, $passordSomString,160)==0){ echo("Logged in"); 如果(strncmp($ passwordFraForm,$ passordSomString,160)== 0){echo(“ Logged in”); } else echo("invalid username or password"); } else echo(“无效的用户名或密码”);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.