Register.php
$query = "
INSERT INTO users(
email,
pass,
salt
) VALUES (
:email,
:password,
:salt
)
";
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query_params = array(
':email' => $_POST['email'],
':password' => $password,
':salt' => $salt
);
的login.php
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['pass'])
{
// If they do, then we flip this to true
$login_ok = true;
}
}
密码/用户名是正确的,因此无法弄清楚为什么这不起作用。在数据库中,散列传递长度与我不确定正确的salt密码相同
答案 0 :(得分:1)
检查pass列是否为varchar,长度大于或等于散列密码。我认为您保存的存储密码已被截断。