drby30217 2015-03-23 17:40
浏览 22
已采纳

加密盐加密登录[关闭]

I am sure this might be simple for someone but well.

It is hard for me, I want to make a login using ispconfig client info and it works well except the password needs to match the ispconfig password which uses a crypt / salt encryption as far as I know how would i match this with the password the user enter?

So far I have this but i does not seem to work:

$clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = stripslashes($selectUserPass['password']);
$salt = '$1$'.substr($saved_password, 3, 8).'$';
$clientPasswordSafe = crypt(stripslashes($clientPassword), $salt);

Thanks!

  • 写回答

1条回答 默认 最新

  • dongqi8114 2015-03-23 20:04
    关注

    If the password was really hashed with the crypt() function, then you could verify it like this:

    $clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = $selectUserPass['password'];
$isPasswordCorrect = crypt($clientPassword, $Passcollected) === $Passcollected;

    Or even easier with the new password function:

    $clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = $selectUserPass['password'];
$isPasswordCorrect = password_verify($clientPassword, $Passcollected);

    Note that i did not use the stripslashes() function, escaping is not necessary before hashing. The salt is part of the stored hash and will be extracted automatically by the verifying function.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 高价求中通快递查询接口
  • ¥15 解决一个加好友限制问题 或者有好的方案
  • ¥15 关于#java#的问题,请各位专家解答!
  • ¥15 急matlab编程仿真二阶震荡系统
  • ¥20 TEC-9的数据通路实验
  • ¥15 ue5 .3之前好好的现在只要是激活关卡就会崩溃
  • ¥50 MATLAB实现圆柱体容器内球形颗粒堆积
  • ¥15 python如何将动态的多个子列表,拼接后进行集合的交集
  • ¥20 vitis-ai量化基于pytorch框架下的yolov5模型
  • ¥15 如何实现H5在QQ平台上的二次分享卡片效果?