drby30217 2015-03-23 17:40
浏览 22
已采纳

加密盐加密登录[关闭]

I am sure this might be simple for someone but well.

It is hard for me, I want to make a login using ispconfig client info and it works well except the password needs to match the ispconfig password which uses a crypt / salt encryption as far as I know how would i match this with the password the user enter?

So far I have this but i does not seem to work:

$clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = stripslashes($selectUserPass['password']);
$salt = '$1$'.substr($saved_password, 3, 8).'$';
$clientPasswordSafe = crypt(stripslashes($clientPassword), $salt);

Thanks!

  • 写回答

1条回答 默认 最新

  • dongqi8114 2015-03-23 20:04
    关注

    If the password was really hashed with the crypt() function, then you could verify it like this:

    $clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = $selectUserPass['password'];
$isPasswordCorrect = crypt($clientPassword, $Passcollected) === $Passcollected;

    Or even easier with the new password function:

    $clientPassword = $_POST['password'];
$selectUserPass = mysqli_query($con, "SELECT * FROM client");
$Passcollected = $selectUserPass['password'];
$isPasswordCorrect = password_verify($clientPassword, $Passcollected);

    Note that i did not use the stripslashes() function, escaping is not necessary before hashing. The salt is part of the stored hash and will be extracted automatically by the verifying function.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 GDI处理通道视频时总是带有白色锯齿
  • ¥20 用雷电模拟器安装百达屋apk一直闪退
  • ¥15 算能科技20240506咨询(拒绝大模型回答)
  • ¥15 自适应 AR 模型 参数估计Matlab程序
  • ¥100 角动量包络面如何用MATLAB绘制
  • ¥15 merge函数占用内存过大
  • ¥15 Revit2020下载问题
  • ¥15 使用EMD去噪处理RML2016数据集时候的原理
  • ¥15 神经网络预测均方误差很小 但是图像上看着差别太大
  • ¥15 单片机无法进入HAL_TIM_PWM_PulseFinishedCallback回调函数