dongxian3852 2016-04-04 18:18

PDO ODBC returns an incorrect hashed password string

I'm hashing my users' passwords into a SQL Server 2008 R2 database. The registration goes fine. The hashed password is saved correctly through this code:

    $password = password_hash($password, PASSWORD_DEFAULT);
    // Insert the new user into the database 
    $insert_stmt = $db->conn->prepare("INSERT INTO $db->DB_NAME.dbo.SGU_USUARIO (USUARIO, EMAIL, CONTRASENA, RUT_ALUMNO, ID_PERFIL)"
            . " VALUES (:USUARIO, :EMAIL, :CONTRASENA, :RUT_ALUMNO, :ID_PERFIL)");

    $insert_stmt->bindParam(':USUARIO', $usuario, PDO::PARAM_STR);
    $insert_stmt->bindParam(':EMAIL', $email, PDO::PARAM_STR);
    $insert_stmt->bindParam(':CONTRASENA', $password, PDO::PARAM_STR);
    $insert_stmt->bindParam(':RUT_ALUMNO', $rut_alum, PDO::PARAM_STR);
    $insert_stmt->bindParam(':ID_PERFIL', $id_perfil, PDO::PARAM_INT);

    if (! $insert_stmt->execute()) {
        $error_msg = '<div class="alert alert-danger"><strong>Error!</strong> Registro de usuario fallido.</div>';
    }else{
        $error_msg = '<div class="alert alert-success">Usuario registrado exitosamente.</div>';
    }

When I want to do the login script, I do the following:

    if ($stmt = $db->conn->prepare("SELECT * FROM $db->DB_NAME.dbo.SGU_USUARIO WHERE EMAIL = :EMAIL")) {

        $stmt->bindParam(':EMAIL', $email, PDO::PARAM_STR);
        $stmt->execute();
        $resultado = $stmt->fetch(PDO::FETCH_ASSOC);

        if (!empty($resultado)) {

            if (password_verify($password, $resultado['CONTRASENA'])) {
                // Password is correct!
                // Get the user-agent string of the user.
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                // XSS protection as we might print this value
                // (the id is taken from the fetched row)
                $user_id = preg_replace("/[^0-9]+/", "", $resultado['ID_USUARIO']);
                $_SESSION['user_id'] = $user_id;
                // XSS protection as we might print this value
                $resultado['USUARIO'] = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $resultado['USUARIO']);
                $_SESSION['username'] = $resultado['USUARIO'];
                $_SESSION['login_string'] = hash('sha512', $resultado['CONTRASENA'] . $user_browser);
                // Login successful.
                return true;
            }
        }
    }

This always returns false because for some reason the user's info is arriving with problems in the email and the hashed password.

If I do var_dump() on the user's info that I get with the first query, I get this:

array (size=6)
  'ID_USUARIO' => string '1' (length=1)
  'USUARIO' => string 'joshe.onate' (length=11)
  'EMAIL' => string '�|����� |�����!���' (length=20)
  'CONTRASENA' => string '�|�����`|�����!�������!   �������RUT_ALUMNO�����!�������!���' (length=60)
  'RUT_ALUMNO' => string '166604168' (length=9)
  'ID_PERFIL' => string '2' (length=1)
|� |�!
|�`|�!!RUT_ALUMNO!!

For some reason the hashed and the email fields are arriving with problems.

Thank you in advance for your help.


1 answer

  • dongxi8993 2016-04-04 18:29

    OK, so my problem was that in SQL Server I said that those fields were MAX varchar. I left it at varchar(100) and everything returned correctly.
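
Added example (not part of the original question or answer): password_verify() simply returns false when the stored hash is mangled, so a login routine can inspect the fetched value with password_get_info() first and report a driver or column-type problem like the one above as a storage error instead of a wrong password. The function name check_login() and all sample values are hypothetical.

```php
<?php
// Added example; check_login() and the sample data are hypothetical.

/**
 * Classify a login attempt as 'ok', 'bad_password' or 'corrupt_hash'.
 * $stored is the value fetched from the CONTRASENA column.
 */
function check_login(string $password, $stored): string
{
    // A usable hash is a non-empty string of printable ASCII ...
    if (!is_string($stored) || !preg_match('/\A[\x21-\x7e]+\z/', $stored)) {
        return 'corrupt_hash';
    }
    // ... that PHP recognises as one of its own hash formats.
    // 'algo' is null (PHP >= 7.4) or 0 (older versions) for unknown formats.
    $info = password_get_info($stored);
    if (empty($info['algo'])) {
        return 'corrupt_hash';
    }
    return password_verify($password, $stored) ? 'ok' : 'bad_password';
}

// Constructed sample data.
$good    = password_hash('correct horse', PASSWORD_DEFAULT);
$mangled = str_repeat("\x00|\xff", 20); // 60 bytes of garbage, like the dump above

foreach ([
    ['correct horse', $good],
    ['wrong guess',   $good],
    ['correct horse', $mangled],
    ['correct horse', substr($good, 0, 20)], // cut short by a too-narrow column
] as [$pw, $hash]) {
    $result = check_login($pw, $hash);
    if ($result === 'corrupt_hash') {
        // Log the length only, never the stored value itself.
        error_log('stored hash unusable, length=' . strlen((string) $hash));
    }
    echo $result, PHP_EOL;
}
```

The PHP manual recommends a column of 255 characters for PASSWORD_DEFAULT hashes, because the default algorithm and its output length can change in later PHP versions.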
