哈希pw不会让我登录

时间:2014-02-26 04:04:31

标签: php login hash mysqli

所以我正在重写我的注册页面和登录页面,我试图将密码存储为hash('sha256')而不是md5()。存储哈希密码的工作完全正常,但它不会让我登录。我很累,我害怕我错过了什么。我必须解决这个问题才能让我上床睡觉。欢迎任何帮助!

这是我的登录处理文件:

include 'db_connect.php';
include 'functions.php';

sec_session_start();

if(isset($_POST['login'], $_POST['password'])) {

    //Data form
    $email = safe($mysqli,$_POST['email']); 
    $password = safe($mysqli,$_POST['password']);

    $getSalt = mysqli_query($mysqli,"SELECT salt FROM members WHERE email = '$email';");

    if (!$getSalt) {
        $errorMsg  = 'Invalid query: ' . mysqli_error() . "\n";
        die($errorMsg);
    }

    $row = mysqli_fetch_assoc($getSalt);
    $salt = $row['salt'];

    //Find user
    $saltedPW =  $password . $salt;
    $hashedPW = hash('sha256', $saltedPW);
    $findUser = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '$email' AND password = '$hashedPW'");


    $count = mysqli_num_rows($findUser);

    if($count == 1) {
        session_register("email");
        session_register("password");

        header("Location: loggedin.php");

    } else {

    echo "Wrong username and/or password";

    }

}

我缺少什么:(

编辑,这是我的注册处理页面: 

<?php

include 'db_connect.php';

$errorMsg = "";

if(isset($_POST['register'])) {

    //Data van het form
    $email = mysqli_real_escape_string($mysqli,$_POST['email']); 
    $password = mysqli_real_escape_string($mysqli,$_POST['password']);
    $rePassword = mysqli_real_escape_string($mysqli,$_POST['re_password']);

    //Check if all the fields are filled in
    if ($email == NULL || $password == NULL || $rePassword == NULL)  {  

        $errorMsg  = 'Please fill in all the fields';
        die($errorMsg); 
    }

    //Check if email already exist in the db
    $checkEmail = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '$email'");
    if (mysqli_num_rows($checkEmail) > 0){

        $errorMsg = 'Emailadres is already registered';
        die($errorMsg);

    }

    //Check if the passwords are matching
    if ( $password == $rePassword ) {

        //If they do match, create a hashpw + salt
        $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
        $saltedPW =  $password . $salt;
        $hashedPW = hash('sha256', $saltedPW);

    }


    //Add the user to the table
    if (empty($errorMsg)) {
    $addUser = mysqli_query($mysqli,"INSERT INTO members (email, password, salt) values ('$email', '$hashedPW', '$salt') ");

        echo "User has been created";

    } else {

        $errorMsg = 'Error. The user has NOT been created';
        die($errorMsg);

    }
}
?>

编辑#2 - 登录问题已修复。 正如Jamie注意到的那样,我在登录处理文件中使用了safe函数,并在寄存器文件中使用了整个转义字符串。我已经通过添加$ mysqli来编辑函数abit,这对我有用。

function safe($mysqli,$value) { 
   return mysqli_real_escape_string($mysqli,$value); 
}

我目前面临的唯一“问题”是重定向页面(由于session_register()函数已被$ _SESSION替换,因此应该保护直接访问它而没有登录的人员)。不知何故,我编辑的受保护页面无效。我一醒来就会调查它。

感谢您的帮助! :-D

0 个答案:

没有答案
相关问题
最新问题