ds0802 2017-03-30 04:59
浏览 9
已采纳

在crypt密码之后,验证功能不佳

now i using this code to crypt my password on database,it function when login or validation.
But it only valid the first 7 character.
let say my password is miow12345, but i can just type in miow123 or miow12312q... to login

$pas = crypt($_POST["pas"], "MiO1!");

validation.php

    if(isset($_POST['username']))
{
$username = $_POST['username'];
}
if (isset($_POST['password'])) 
{
$password=crypt($_POST["password"], "MiO1!");
}


$q = 'SELECT * FROM users WHERE username=:username AND password=:password';

$query = $dbh->prepare($q);

$query->execute(array(':username' => $username, ':password' => $password));


if($query->rowCount() == 0)
{
header('Location: login.php?err=1');
}

another method(same problem)

if( crypt($_POST["pas"], "TmP2!") != $row["password"])
  • 写回答

2条回答 默认 最新

  • dongyi9023 2017-03-30 07:04
    关注

    PHP's crypt function only uses the first eight characters, that's by design (http://php.net/manual/en/function.crypt.php).

    You should use password_hash instead when storing a password in the database and use password_verify to compare it to the password the user entered:

    if (password_verify($_POST["pas"], $row["password"]))

    (this code won't work for you right now, since you have crypt-hashed passwords in your DB, you will have to re-hash them using password_hash)

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 前端echarts坐标轴问题
  • ¥15 CMFCPropertyPage
  • ¥15 ad5933的I2C
  • ¥15 请问RTX4060的笔记本电脑可以训练yolov5模型吗?
  • ¥15 数学建模求思路及代码
  • ¥50 silvaco GaN HEMT有栅极场板的击穿电压仿真问题
  • ¥15 谁会P4语言啊,我想请教一下
  • ¥15 这个怎么改成直流激励源给加热电阻提供5a电流呀
  • ¥50 求解vmware的网络模式问题 别拿AI回答
  • ¥24 EFS加密后,在同一台电脑解密出错,证书界面找不到对应指纹的证书,未备份证书,求在原电脑解密的方法,可行即采纳