开发者

password salting - never matches! [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 9 years ago.

I'm having difficulty figuring out why user password hashing is not working.

The way I do this is the normal method, where upon registration I create a randam salt and combine with password and store, but when I try to match the passwords for the login, they're failing :(

<?php
class Model_users extends ModelType_DatabasePDO
{

 //...

 public function CheckCredentials($username,$password)
 {
  $statement = $this->prepare('SELECT user_id,user_salt,user_password FROM users WHERE user_username = :u');
  $statement->bindValue(':u',$username);

  if($statement->execute())
  {
   $user_data = $statement->fetch(PDO::FETCH_OBJ);

   //Create a new hash with salt
   $combined = $this->CombineHash($password,$user_data->user_salt);

   //Check the combination is correct!
   if($combined == $user_data->user_password)
   {
    return true;
   }

   var_dump($user_data->user_salt,$combined);
   return false;
  }
  return false;
 }

 //...

 public function AddUser($userdata)
 {
  if($userdata['username'] && $userdata['password'] && $userdata['email'] && $userdata['nickname'])
  {
   $statement = $this->prepare('INSERT INTO users (user_username,user_password,user_salt,user_email,user_nickname) VALUES (:username,:password,:salt,:email,:nickname)');

   //Generate hashes
   $salt = $this->GenerateSalt();
   $password = $this->CombineHash($userdate['password'],$salt);

   //Generate Data block for insert
   $data = array(
    ':username' => $userdata['username'],
    ':password' => $password,
    ':salt'  => $salt,
    ':email' => $userdata['email'],
    ':nickname' => $userdata['nickname']
   );

   if($statement->execute($data))
   {
    return true;
   }
  }
  return false;
 }

 private function GenerateSalt()
 {
  //Create a random md5 string:
  $first = md5( rand(0,100) . time() . microtime() . uniqid() );
  $second = md5( rand(0,100) . time() . microtime() . uniqid() );

  for($i=0;$i<=32;$i++)
  {
   $string = '';
   if($i % 2)
   {
    $string .= $first[$i];
   }else
   {
    $stri开发者_运维问答ng .= $second[$i];
   }
  }
  return md5($string);
 }

 private function CombineHash($password,$hash)
 {
  return md5($password . $hash);
 }
}
?>

All variables passed into the methods are raw and not salted or encrypted but merely validated :/

Regards


Your code appears to have a typo

 $password = $this->CombineHash($userdate['password'],$salt);

$userdate needs to be $userdata (the e needs to be an a).

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜