drxvjnx58751 2016-10-11 15:30
浏览 825
已采纳

表格不从数据库中读取信息

I am configuring a sign in form from a framework I use every now and then. However, for some reason the $tryagain error keeps populating. I know the information is correct in my database and I even edited the password within the database to remove the hash to eliminate this as the problem.

Does anyone have a clue as to why it keeps throwing the try again error saying the information is wrong? I am able to register a user and then I redirect them to this page to allow them to sign in, so the sign in is the only issue.

Please let me know if you need more code from the framework. I did not want to post loads of code.

ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once 'core/init.php';

if(Input::exists()) {
    if(Token::check(Input::get('token'))) {

        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'username' => array('required' => true),
            'password' => array('required' => true)
        ));

        if($validation->passed()) {
            $user = new User();

            $remember = (Input::get('remember') === 'on') ? true : false;
            $login = $user->login(Input::get('username'), Input::get('password'), $remember);
            //var_dump($login);

            if($login) {
                Redirect::to('index');
            } else {
                echo $tryagain = '<span class="signinpanel">' . "The information you entered did not match our records." . '</span>';
            }

        } else {
            foreach($validation->errors() as $error) {
                echo $error, '<br>';
            }
        }
    }
}

Form

<?php
    if(Session::exists('home')) {
        echo '<p>' . Session::flash('home') . '</p>';
    }
?>
<form name="Sign In" action="" method="POST" autocomplete="on" accept-charset= "utf-8">
        <div class="field"> 
            <label for="username">Username</label>
            <input type="text" name="username" autocomplete="on" required>
        </div>
        <div class="field">
            <label for="password">Password</label>
            <input type="password" name="password" autocomplete="off" required>
        </div>  
        <div class="field"> 
            <label for="remember">
            <input type="checkbox" name="remember" id="remember"> Remember me
            </label>
        </div><br>
        <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
        <input type="submit" value="Sign In"> 
    </form>

Login function

public function login($username = null, $password = null, $remember = false)    {

if(!$username && !$password && $this->exists()) {
    Session::put($this->_sessionName, $this->data()->id);
} else {
    $user = $this->find($username);

    if($user) {
        if($this->data()->password === Hash::make($password, $this->data()->salt)) {
            Session::put($this->_sessionName, $this->data()->id);

            if($remember) {
                $hash = Hash::unique();
                $hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));

                if(!$hashCheck->count()) {
                    $this->_db->insert('users_session', array(
                        'user_id' => $this->data()->id,
                        'hash' => $hash
                    ));
                } else {
                    $hash = $hashCheck->first()->hash;
                }

                Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
            }
            return true;
        }
    }

}
return false;

}

Hash file

class Hash {
    public static function make($string, $salt = '') {
        return hash('sha256', $string . $salt);
    }

    public static function salt($length) {
        return mcrypt_create_iv($length);
    }

    public static function unique() {
        return self::make(uniqid());
    }
}
  • 写回答

1条回答 默认 最新

  • donglefu6195 2016-10-12 10:33
    关注

    I think your error lies in the check you are making here:

    if($this->data()->password === Hash::make($password, $this->data()->salt)) {
        Session::put($this->_sessionName, $this->data()->id);

    If I read this correctly you are taking the value that the user has entered and are then creating a brand new Hash of the password with a new random salt being fed in. This value will change every time the code is executed but is (very) unlikely to ever be identical to the input password.

    Initially this answer was based on the Laravel libraries:

    Instead of using Hash:make use Hash::check as the guard to entering that block:

    if(Hash::check($this->data()->password, $password)){
        Session::put($this->_sessionName, $this->data()->id);

    This should give a pathway to let the login() function return true.

    However, as @becky indicated that they weren't using Laravel a more general answer was needed:

    The underlying problem that you have is that you're checking the plaintext password against the encrypted (hashed) password. In all good algorithms this won't be the same thing which is why it's never going to return true from the function.

    What you need to do is check the hashed version of what the user has entered: Hash::make($password, $this->data()->salt) with the value that you've stored (because you only store the hashed version). If you can change the code to compare those two values they should be the same and so the identity operator === will return a true value.

    Further discussions, and some debugging, indicated that what was coming back from the DB wasn't what was being created on the page by the 

    Hash::make($password, $this->data()->salt)

    statement. On closer inspection it emerged that the length of the column on the db had been reduced from 64 characters to 50. As the Hash::make() function returned a 64-character hash the two could never equate. Remaking that DB column and regenerating the password hashes fixed the problem.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器