drxvjnx58751 2016-10-11 15:30
浏览 825
已采纳

表格不从数据库中读取信息

I am configuring a sign in form from a framework I use every now and then. However, for some reason the $tryagain error keeps populating. I know the information is correct in my database and I even edited the password within the database to remove the hash to eliminate this as the problem.

Does anyone have a clue as to why it keeps throwing the try again error saying the information is wrong? I am able to register a user and then I redirect them to this page to allow them to sign in, so the sign in is the only issue.

Please let me know if you need more code from the framework. I did not want to post loads of code.

ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once 'core/init.php';

if(Input::exists()) {
    if(Token::check(Input::get('token'))) {

        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'username' => array('required' => true),
            'password' => array('required' => true)
        ));

        if($validation->passed()) {
            $user = new User();

            $remember = (Input::get('remember') === 'on') ? true : false;
            $login = $user->login(Input::get('username'), Input::get('password'), $remember);
            //var_dump($login);

            if($login) {
                Redirect::to('index');
            } else {
                echo $tryagain = '<span class="signinpanel">' . "The information you entered did not match our records." . '</span>';
            }

        } else {
            foreach($validation->errors() as $error) {
                echo $error, '<br>';
            }
        }
    }
}

Form

<?php
    if(Session::exists('home')) {
        echo '<p>' . Session::flash('home') . '</p>';
    }
?>
<form name="Sign In" action="" method="POST" autocomplete="on" accept-charset= "utf-8">
        <div class="field"> 
            <label for="username">Username</label>
            <input type="text" name="username" autocomplete="on" required>
        </div>
        <div class="field">
            <label for="password">Password</label>
            <input type="password" name="password" autocomplete="off" required>
        </div>  
        <div class="field"> 
            <label for="remember">
            <input type="checkbox" name="remember" id="remember"> Remember me
            </label>
        </div><br>
        <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
        <input type="submit" value="Sign In"> 
    </form>

Login function

public function login($username = null, $password = null, $remember = false)    {

if(!$username && !$password && $this->exists()) {
    Session::put($this->_sessionName, $this->data()->id);
} else {
    $user = $this->find($username);

    if($user) {
        if($this->data()->password === Hash::make($password, $this->data()->salt)) {
            Session::put($this->_sessionName, $this->data()->id);

            if($remember) {
                $hash = Hash::unique();
                $hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));

                if(!$hashCheck->count()) {
                    $this->_db->insert('users_session', array(
                        'user_id' => $this->data()->id,
                        'hash' => $hash
                    ));
                } else {
                    $hash = $hashCheck->first()->hash;
                }

                Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
            }
            return true;
        }
    }

}
return false;

}

Hash file

class Hash {
    public static function make($string, $salt = '') {
        return hash('sha256', $string . $salt);
    }

    public static function salt($length) {
        return mcrypt_create_iv($length);
    }

    public static function unique() {
        return self::make(uniqid());
    }
}
  • 写回答

1条回答 默认 最新

  • donglefu6195 2016-10-12 10:33
    关注

    I think your error lies in the check you are making here:

    if($this->data()->password === Hash::make($password, $this->data()->salt)) {
        Session::put($this->_sessionName, $this->data()->id);

    If I read this correctly you are taking the value that the user has entered and are then creating a brand new Hash of the password with a new random salt being fed in. This value will change every time the code is executed but is (very) unlikely to ever be identical to the input password.

    Initially this answer was based on the Laravel libraries:

    Instead of using Hash:make use Hash::check as the guard to entering that block:

    if(Hash::check($this->data()->password, $password)){
        Session::put($this->_sessionName, $this->data()->id);

    This should give a pathway to let the login() function return true.

    However, as @becky indicated that they weren't using Laravel a more general answer was needed:

    The underlying problem that you have is that you're checking the plaintext password against the encrypted (hashed) password. In all good algorithms this won't be the same thing which is why it's never going to return true from the function.

    What you need to do is check the hashed version of what the user has entered: Hash::make($password, $this->data()->salt) with the value that you've stored (because you only store the hashed version). If you can change the code to compare those two values they should be the same and so the identity operator === will return a true value.

    Further discussions, and some debugging, indicated that what was coming back from the DB wasn't what was being created on the page by the 

    Hash::make($password, $this->data()->salt)

    statement. On closer inspection it emerged that the length of the column on the db had been reduced from 64 characters to 50. As the Hash::make() function returned a 64-character hash the two could never equate. Remaking that DB column and regenerating the password hashes fixed the problem.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)