使用PDO預備語句的PHP crypt驗證錯誤
[英]PHP crypt validation with PDO prepared statement Error
問題描述
對[重復]感到抱歉。 我花了一天時間,找不到解決方法。 我的crypt (驗證)有問題,這是我的代碼:
function generateHash($password, $round=10){
$salt=substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt=str_replace("+",".",$salt);
$param='$'.implode('$',array(
"2y",
str_pad($round,2,"0",STR_PAD_LEFT),
$salt
)
);
return crypt($password,$param);
}
//NOW I INSERT HASH TO DB
$input = "abc";
$hashed = generateHash($input);
$createAccount=$db->prepare("INSERT INTO account ....
':secret' => $hashed;
.....)); // Until here, no problem, $hashed can be inserted correctely into my db (password, Varchar (64)
現在注冊后,用戶喜歡登錄,這就是問題所在。 首先,我正在檢查,看我是否功能很好
$input = "abc";
$forCheck = "abc";
$hashedHash = generateHash($input);
if (crypt($forCheck, $hashedHash) == $hashedHash) {
echo "MATCH";
}else {
echo "NOT MATCH";
}
// OUTPUT: "MATCH"
問題在這里:
$check=$db->prepare("SELECT id, password FROM account WHERE email = :email ");
$check->execute(array(
':email' => $user
)
);
if ($check->rowCount() <= 0) {
echo "You are not registered";
}else {
$sRow=$check->fetchAll(PDO::FETCH_ASSOC);
foreach ($sRow as $row) {
$hashedHash = generateHash($row['password']);
if (crypt($input, $hashedHash) == $hashedHash) {
echo "Passwords Matched";
}else {
echo "Passwords did not match";
}
}
}
// OUTPUT: "Passwords did not match"
有什么幫助嗎?
1 個解決方案
解決方案1
0 2014-02-07 00:28:13
問題在這里...
$hashedHash = generateHash($row['password']);
您沒有存儲純文本密碼,那么為什么又要通過generateHash傳遞哈希呢? 應該只是
if (crypt($input, $row['password']) == $row['password'])
我也將借此機會清理您的查詢邏輯。 一方面, PDOStatement::rowCount 不應該依靠。
$check = $db->prepare('SELECT id, password FROM account WHERE email = :email LIMIT 1');
$check->execute([':email' => $user]);
if ($row = $check->fetch(PDO::FETCH_ASSOC)) {
if (crypt($input, $row['password']) == $row['password']) {
echo 'Passwords Matched';
} else {
echo 'Password did not match';
}
} else {
echo 'You are not registered';
}
PHP PDO准備語句中的錯誤
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.