但是,当我无法将密码字符串与登录表单中的哈希登录密码成功匹配时。我已经将所有内容都删除为基本的,即使输出(echo或var_dump)看起来相同,它仍然不匹配。
以下是注册码片段:
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$salt = uniqid(mt_rand());
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$email=$_POST['email'];
$sql="INSERT INTO users (uName,uPass2,uEmail,uSalt,uID)
VALUES ('$username','$hashPass','$email', '$salt', 'time()')";
mysql_query($sql) or die('Error, insert query failed');
以下是登录代码段:
$_POST['dk_username'] = mysql_real_escape_string($_POST['dk_username']);
$_POST['dk_password'] = mysql_real_escape_string($_POST['dk_password']);
$username = stripslashes($_POST['dk_username']);
$password = stripslashes($_POST['dk_password']);
$query = "SELECT uID, uPass2, uSalt, uName FROM users WHERE uName = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{ echo 'Wrong username and/or password!';
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$salt=$userData['uSalt'];
$newhash= $salt . $password;
$hashPass= hash('sha512', $newhash);
$tempData=strcmp($hashpass, $userData['uPass2']);
if(hashPass != $userData['uPass2']){
echo "password not correct:<br/>";
echo "db: " . var_dump($userData['uPass2']) . "<br />";
echo "in: " . var_dump($hashPass) . "<br />;
echo $tempData . "<BR />";
}else{
echo "logged in";
}
登录结果:
password not correct:
string(128) "98f713244f3d97e8629222f8d37e3cad38c5c1e2fbf011c135723f36b7841ef29785b1866ac6dbab9cd044b12db8e4d16a4c68df1e3d7b8f4a27a8c3d4c9bca5" db:
string(128) "98f713244f3d97e8629222f8d37e3cad38c5c1e2fbf011c135723f36b7841ef29785b1866ac6dbab9cd044b12db8e4d16a4c68df1e3d7b8f4a27a8c3d4c9bca5" in:
-128
答案 0 :(得分:3)
$
$hashPass
if(hashPass != $userData['uPass2']){
目前它正在导致PHP将$userData['uPass2']与名为hashPass的常量进行比较(如果未定义常量,则PHP将其视为字符串'hashPass'。)
设置error_reporting以包含E_NOTICE会导致PHP吐出关于“常量”的通知。