Error comparing hash to hashed mysql password (output values are equal)
I'm trying to compare a hashed password value in a mysql database with the hashed value of an inputted password from a login form.
However, when I compare the two values it says they aren't equal. I removed the salt to simplify, and then tested what the outputs were and got the same values.
$password1 = $_POST['password'];
$hash = hash('sha256', $password1);
// ...connect to database, etc...
$query = "SELECT *
FROM users
WHERE username = '$username1'";
$result = mysql_query($query);
$userData = mysql_fetch_array($result);
if($hash != $userData['password']) //incorrect password
{
echo $hash."|".$userData['password'];
die();
}
// ...other code...
Sample output:
7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361| 7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361
Any thoughts?
I was having the exact same problem. var_dump() was telling me that I had two variables with the same properties, string(128). The only way I was able to get the comparison to work was to cast the hashed values as strings:
$password1 = $_POST['password'];
$hash = (string)hash('sha256', $password1);
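// ...
$row = mysql_fetch_array($result);
// Cast the password column, not the whole row: (string) on an array yields "Array".
$userData = (string)$row['password'];
if($hash == $userData) {
//This should return true.
}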
Try using strcmp. String comparisons with == or != rarely go well.
if(strcmp($hash, $userData['password']) != 0) {
//this would be where the password was incorrect.
}
It may very well be treating it as a number for some reason and failing the comparison.
Try switching != to == and switch content. Like this:
if($hash == $userData['password']) //correct password
{
//proc login...
}
else
{
echo $hash."|".$userData['password'];
die();
}
I'm not sure why that is happening, but you can be sure it will work in my case.
EDIT: You did something wrong in your case. Works for me.
== is an object hashcode comparison, you need to use a strcmp function to compare string literals.
Not sure if you ever got this solved but I just wasted 30 minutes with the exact same problem. Turns out my mysql value had an extra space at the end. It was a test user I manually added to the database and somehow got an extra space when copying and pasting the hashed password.
Not sure if this applies to your situation or not but I thought I'd share anyway.
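The trailing-space cause described in the last answer can be confirmed by inspecting bytes instead of printed output. The following is an added example, not code from any of the posts; the function name describe_digest_mismatch, its return shape and the sample values are constructed for illustration.

```php
<?php
// Added example: find the hidden byte that makes two digests that print
// identically compare as different, then compare in constant time.

/**
 * Return details of the first differing byte, or null if the strings are identical.
 * (Hypothetical helper; the name and array keys are assumptions.)
 */
function describe_digest_mismatch(string $computed, string $stored): ?array
{
    if ($computed === $stored) {
        return null;
    }
    $max = max(strlen($computed), strlen($stored));
    for ($i = 0; $i < $max; $i++) {
        // null marks "past the end of this string"
        $a = $i < strlen($computed) ? $computed[$i] : null;
        $b = $i < strlen($stored) ? $stored[$i] : null;
        if ($a !== $b) {
            return [
                'offset'        => $i,
                'computed_len'  => strlen($computed),
                'stored_len'    => strlen($stored),
                'computed_byte' => $a === null ? '(end)' : '0x' . bin2hex($a),
                'stored_byte'   => $b === null ? '(end)' : '0x' . bin2hex($b),
            ];
        }
    }
    return null; // not reached: non-identical strings always differ at some offset
}

// Constructed sample: the stored value carries a trailing space, standing in
// for a row that was pasted into the database by hand.
$computed = hash('sha256', 'example-password');
$stored   = $computed . ' ';

// Loose comparison on the raw values, as in the question.
var_dump($computed == $stored);

// Byte-level report: lengths, offset and hex value of the offending byte.
print_r(describe_digest_mismatch($computed, $stored));

// Constant-time comparison after stripping surrounding whitespace from the stored
// value. hash_equals() takes the known (stored) string first.
var_dump(hash_equals(trim($stored), $computed));
```

Once the stray byte is identified, correcting the stored row removes the need to trim on every login. For password storage, PHP's password_hash() and password_verify() handle salting and comparison together.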