doulian5857 2011-06-14 17:24
浏览 14
已采纳

php盐身份验证

Thank you for your honest criticism towards my ignorance in php/mysql and I appreciate your help concerning this issue.

After making the corrections suggested below I'm running into the issue where the registered 

sha1(md5($password).$salt)

is not === when compared to the login authentication 

sha1(md5($password).$row['salt']);

So I created a script to see what the login script was seeing and it compares the two. 

 $query = "UPDATE `users` SET `form_password` = '$encrypted'  WHERE `username` = '$username'";  
     mysql_query($query) or die (mysql_error());

password is registered as "1fcb4bdeb8a98151f5f74a2af0b5045ec277c501"

and being called back as "f2c04d2583f111fcd41288dc75901f6c870cfc6b"

Here is the updated script on login:

else {  

$password = $_POST['password'];
$username = mysql_real_escape_string($_POST['username']);


$sql  =  "SELECT `password`, `salt` FROM `users` WHERE `username` = '$username' LIMIT 0,1";
$result = mysql_query($sql) or die(mysql_error());

if (is_resource($result) && mysql_num_rows($result) > 0){
    $row        =   mysql_fetch_array($result);
    $encrypted  =   sha1(md5($password).$row['salt']);

     if($encrypted === $row['password']){
    header('Location: page3.php');
    exit;
     } else{

     $query = "UPDATE `users` SET `form_password` = '$encrypted'  WHERE `username` = '$username'";  
     mysql_query($query) or die (mysql_error());

    header('Location: page2.php');
    exit;
     }
} else{
header('Location: page4.php');
exit;
}
}
  • 写回答

4条回答 默认 最新

  • douling6469 2011-06-14 17:31
    关注

    a) How large is your password field in the database? SHA1 hashes are 40 characters long, so if you've got a field size less than that, your hashed password will be truncated.

    b) Putting or die() on your $sql = ... line is pointless. Creating a string is extraordinarily unlikely to fail. You need to put the or die() on the line where the query is actually executed:

    $sql = "..."
$result = mysql_query($sql) or die(...);

    c) Your code is vulnerable to sql injection, as you paste the user-provided username and password directly into your queries without escaping.

    d) You don't check if the query to get the user's pw/salt succeeds. If the username is incorrect, the query will retrieve no rows. This isn't an error condition, as the query did what it was supposed to. You need to check, via mysql_num_rows($result) if the query did return a row or not.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 相敏解调 matlab
  • ¥15 求lingo代码和思路
  • ¥15 公交车和无人机协同运输
  • ¥15 stm32代码移植没反应
  • ¥15 matlab基于pde算法图像修复,为什么只能对示例图像有效
  • ¥100 连续两帧图像高速减法
  • ¥15 如何绘制动力学系统的相图
  • ¥15 对接wps接口实现获取元数据
  • ¥20 给自己本科IT专业毕业的妹m找个实习工作
  • ¥15 用友U8:向一个无法连接的网络尝试了一个套接字操作,如何解决?