PHP code with hashed password couldn't work

Keywords: PHP, work, code, hash, password. Updated: 2023-09-26

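I want to create a web page where the user enters a login and a password and is then redirected to another web page.

The login and password are provided by the administrator, and the password should be hashed. I tried to use code I found on the internet (I made some changes), but it doesn't work for me (I think the hashed password is the cause). Please tell me where the fault is.

Link to the code used: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

(For now I have inserted one row into the database containing the login and password mentioned in the example.)

I tested my code with the password given in the example:

login: login1 password: 6ZaxN2Vzm9NUJT2y

The code you need in order to be able to log in as this user is:

INSERT INTO enqueteEtablissement VALUES(1, 'test_user', login1, '00807432eae173f652f2064bdca1b61b290b52d40e429a7d295d76a71084aa96c0233b82f1feac45529e0726559645acaed6f3ae58a286b9f077 5916ebf66cacc', 'f9aab579fc1b41ed0c44fe4ecdbfcdb4cb99b9023abb241a6db833288f4eea3c02f76e0d35204a8695077dcf81932aa59006423976224be0390395bae152d4ef');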

login.html page:

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Log In</title>
    <script type="text/JavaScript" src="./sha512.js"></script> 
    <script type="text/JavaScript" src="./forms.js"></script> 
</head>
<body>
    <?php 
        if(isset($_GET['error'])) { 
            echo 'Error Logging In!'; 
        } 
    ?> 
    <form action="process_login.php" method="post" name="login_form"> 
        Email: <input type="text" name="LoginEtab" />
        Password: <input type="text"  name="PwdEtab"    id="PwdEtab"/>
        <input type="button"   value="Login" onclick="formhash(this.form, this.form.PwdEtab);" /> 
    </form>
</body>
</html>

forms.js page:

function formhash(form, PwdEtab) {
    // Create a new element input, this will be our hashed password field.
    var p = document.createElement("input");
    // Add the new element to our form.
    form.appendChild(p);
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(PwdEtab.value);
    // Make sure the plaintext password doesn't get sent.
    p.value = "";
    // Finally submit the form.
    form.submit();
}

process_login.php page:

<?php
include 'db_connect.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['LoginEtab'], $_POST['p'])) {
    $LoginEtab = $_POST['LoginEtab'];
    $PwdEtab = $_POST['p']; // The hashed password.
    if (login($LoginEtab, $PwdEtab, $mysqli) == true) {
        // Login success
        header('Location: ./protected_page.html');
    } else {
        // Login failed
        header('Location: ./index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}
?>

functions.php page:

<?php
include 'psl-config.php';
function sec_session_start() {
    $session_name = 'MyOwnsession';   // Set a custom session name
    $secure = SECURE;
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    ini_set('session.use_only_cookies', 1);
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start();            // Start the PHP session
    session_regenerate_id();    // regenerated the session, delete the old one.
}

function login($LoginEtab, $PwdEtab, $mysqli) {
    // Using prepared statements means that SQL injection is not possible.
    if ($stmt = $mysqli->prepare("SELECT IDEtablissement , LoginEtab, PwdEtab, salt FROM etablissement WHERE LoginEtab = ? LIMIT 1")) {
        $stmt->bind_param('s', $LoginEtab);  // Bind "$email" to parameter.
        $stmt->execute();    // Execute the prepared query.
        $stmt->store_result();
        // get variables from result.
        $stmt->bind_result($db_IDEtablissement, $db_LoginEtab, $db_PwdEtab, $salt);
        $stmt->fetch();
        // hash the password with the unique salt.
        $PwdEtab = hash('sha512', $PwdEtab . $salt);
        if ($stmt->num_rows == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts
            echo"text";
            // Check if the password in the database matches
            // the password the user submitted.
            if ($db_PwdEtab == $PwdEtab) {
                // Password is correct!
                // Get the user-agent string of the user.
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                // XSS protection as we might print this value
                $db_IDEtablissement = preg_replace("/[^0-9]+/", "", $db_IDEtablissement);
                $_SESSION['db_IDEtablissement'] = $db_IDEtablissement;
                // XSS protection as we might print this value
                $db_LoginEtab = preg_replace("/[^a-zA-Z0-9_'-]+/","",$db_LoginEtab);
                $_SESSION['db_LoginEtab'] = $db_LoginEtab;
                $_SESSION['login_string'] = hash('sha512',$PwdEtab .$user_browser);
                // Login successful.
                return true;
                echo"false2";
            } else {
                // Password is not correct
                // We record this attempt in the database
                $now = time();
                echo"false1";

            }
        }
    } else {
        // No user exists.
        return false;
        echo"false";
    }
}
?>

db_connect.php page:

<?php
include 'psl-config.php';   // Needed because functions.php is not included
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
?>

psl-config.php page:

<?php
/**
 * These are the database login details
 */
define("HOST", "localhost");       // The host you want to connect to.
define("USER", "root");            // The database username.
define("PASSWORD", "");            // The database password.
define("DATABASE", "enquete");     // The database name.
define("SECURE", FALSE);
?>

Update: I am always redirected to the index page: header('Location: ./index.php?error=1');

And the Apache log is:

[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant HOST already defined in C:\wamp\www\loginSecurity\psl-config.php on line 5, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   1. {main}() C:\wamp\www\loginSecurity\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   2. include() C:\wamp\www\loginSecurity\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   3. include() C:\wamp\www\loginSecurity\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   4. define() C:\wamp\www\loginSecurity\psl-config.php:5, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant USER already defined in C:\wamp\www\loginSecurity\psl-config.php on line 6, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   1. {main}() C:\wamp\www\loginSecurity\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   2. include() C:\wamp\www\loginSecurity\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   3. include() C:\wamp\www\loginSecurity\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   4. define() C:\wamp\www\loginSecurity\psl-config.php:6, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant PASSWORD already defined in C:\wamp\www\loginSecurity\psl-config.php on line 7, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   1. {main}() C:\wamp\www\loginSecurity\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   2. include() C:\wamp\www\loginSecurity\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   3. include() C:\wamp\www\loginSecurity\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   4. define() C:\wamp\www\loginSecurity\psl-config.php:7, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant DATABASE already defined in C:\wamp\www\loginSecurity\psl-config.php on line 8, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   1. {main}() C:\wamp\www\loginSecurity\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   2. include() C:\wamp\www\loginSecurity\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   3. include() C:\wamp\www\loginSecurity\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   4. define() C:\wamp\www\loginSecurity\psl-config.php:8, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Notice:  Constant SECURE already defined in C:\wamp\www\loginSecurity\psl-config.php on line 18, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   1. {main}() C:\wamp\www\loginSecurity\process_login.php:0, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   2. include() C:\wamp\www\loginSecurity\process_login.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   3. include() C:\wamp\www\loginSecurity\functions.php:3, referer: http://localhost/loginSecurity/login.html
[Tue Mar 01 11:57:58 2016] [error] [client 127.0.0.1] PHP   4. define() C:\wamp\www\loginSecurity\psl-config.php:18, referer: http://localhost/loginSecurity/login.html

Update: I found where the problem was :) I had to add this to my code

$PwdEtab = hash('sha512', $PwdEtab);

before the hash that uses the salt in the login function.

You are including the file psl-config.php twice; try include_once instead of include.

****** EDIT ******

Let's make it work.

First, hash a new password:

<?php
include_once 'psl-config.php';
$user = 'admin';
$pass = '123';
$token = 'test';
// The stored value is sha512(password . salt).
$password = hash('sha512', $pass . $token);
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
// Bind the values instead of interpolating them into the SQL string.
$stmt = $mysqli->prepare("UPDATE etablissement SET LoginEtab = ?, PwdEtab = ?, salt = ? WHERE IDEtablissement = 1");
$stmt->bind_param('sss', $user, $password, $token);
$stmt->execute();

Then, change the form:

<form action="process_login.php" method="post" name="login_form">
    Email: <input type="text" name="LoginEtab" value="admin"/>
    <br><br>
    Password: <input type="text" name="PwdEtab" id="PwdEtab" value="123"/>
    <br><br>
    <input type="submit" value="Login"/>
</form>

Now change process_login.php:

<?php
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.
if (isset($_POST['LoginEtab'], $_POST['PwdEtab'])) { //<======CHANGE HERE
    $LoginEtab = $_POST['LoginEtab'];
    $PwdEtab = $_POST['PwdEtab']; // The plain-text password from the form. //<======AND HERE
    if (login($LoginEtab, $PwdEtab, $mysqli) == true) {
        // Login success
        header('Location: ./protected_page.html');
    } else {
        // Login failed
        header('Location: ./index.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}

Voilà.

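Update: I found where the problem was :) I had to add this to my code

$PwdEtab = hash('sha512', $PwdEtab);

before the hash that uses the salt in the login function. Finally it worked for me :)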
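
The mismatch resolved in this thread, next to a sturdier replacement, as an added example (not code from the question, the answers, or the linked tutorial): the question's code hashes once in the browser and again with the salt on the server, so both sides must apply the same two steps, while password_hash()/password_verify() removes the hand-rolled scheme altogether. The function names, the in-memory $row array and the sample password are constructed for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example: function names and sample credentials are constructed.

// Scheme the question's code is built around: the browser sends
// sha512(password); the server stores sha512(sha512(password) . salt).
function legacy_stored_hash(string $password, string $salt): string {
    $clientHash = hash('sha512', $password);     // value forms.js is meant to send as "p"
    return hash('sha512', $clientHash . $salt);  // value login() computes and compares
}

// Accepts either a plain-text field or a value already hashed in the browser.
function legacy_verify(string $submitted, bool $hashedInBrowser, string $salt, string $stored): bool {
    $clientHash = $hashedInBrowser ? $submitted : hash('sha512', $submitted);
    // hash_equals() is constant-time and, unlike ==, does no numeric type juggling.
    return hash_equals($stored, hash('sha512', $clientHash . $salt));
}

// Replacement: password_hash() picks the salt and a slow algorithm itself
// and keeps both inside the single string stored in PwdEtab.
function modern_login(string $submitted, array &$row): bool {
    if (!password_verify($submitted, $row['PwdEtab'])) {
        return false;
    }
    // Re-hash transparently when the default algorithm or cost changes.
    if (password_needs_rehash($row['PwdEtab'], PASSWORD_DEFAULT)) {
        $row['PwdEtab'] = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return true;
}

$pw     = 'S3cret-example';             // constructed sample password
$salt   = bin2hex(random_bytes(16));    // per-user random salt
$stored = legacy_stored_hash($pw, $salt);

// Plain-text field hashed only with the salt: the mismatch from the question.
var_dump(hash_equals($stored, hash('sha512', $pw . $salt)));
// Both sides applying the same two steps, for either kind of submission.
var_dump(legacy_verify($pw, false, $salt, $stored));
var_dump(legacy_verify(hash('sha512', $pw), true, $salt, $stored));

// The same login backed by password_hash(), with the right and a wrong password.
$row = ['PwdEtab' => password_hash($pw, PASSWORD_DEFAULT)];
var_dump(modern_login($pw, $row));
var_dump(modern_login('wrong-password', $row));
```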