遵循本教程:http://www.gregboggs.com/php-blowfish-random-salted-passwords/我一直在尝试在我的注册表中实现密码加密。目前,我运行的代码没有任何错误,但没有任何数据被添加到数据库中。我知道SQL语句是正确的,因为在我开始实现加密功能之前,它一直在工作。
以下是我目前所拥有的:
<?php
CRYPT_BLOWFISH or die ('No Blowfish found.');
include_once "config.php";
include_once "libpassword.php";
//This string tells crypt to use blowfish for 5 rounds.
$Blowfish_Pre = '$2a$05$';
$Blowfish_End = '$';
if($_POST["username"] && $_POST["email"] && $_POST["password1"] && $_POST["password2"]) {
if($_POST["password1"] = $_POST["password2"]) {
$password1 = mysql_real_escape_string ($_POST["password1"]);
// Blowfish accepts these characters for salts.
$Allowed_Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;
// 18 would be secure as well.
$Salt_Length = 21;
$salt = "";
//$mysql_date = date( 'Y-m-d' );
for($i=0; $i<$Salt_Length; $i++)
{
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$hashed_password = crypt($password1, $bcrypt_salt);
/* create a prepared statement */
$stmt = mysqli_prepare($link, "INSERT INTO `users` (`username`, `email`, `password`, `salt`) VALUES (?, ?, ?, ?)");
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ssss", $_POST["username"], $_POST["email"], $hashed_password, $salt);
/* execute query */
mysqli_stmt_execute($stmt);
/* close statement */
mysqli_stmt_close($stmt);
print "<h1>You have registered sucessfully!</h1>";
print "<a href='main_login.html'>Log in</a>";
}
else print "Your passwords do not match, try again!";
}
else print "Please fill out the entire form!";
/* close connection */
mysqli_close($link);
?>
PHP版本说明:由于WAMP服务器目前只支持php5.4.12,我使用的是这个兼容库:https://github.com/ircmaxell/password_compat.
BUMP:我已经研究了一段时间了,但我仍然不知道为什么没有插入数据。我再次测试了SQL语句。我在代码中呼应了$password1、$bcrypt_salt、$hashed_password,以确保它们正常工作,并且这些变量都包含正确的信息。有什么想法吗?
如果您只想比较$password1和$password2,那么您只需检查:
$hash1 = password_hash("$password1", PASSWORD_BCRYPT, $options)."n";
$hash2 = password_hash("$password2", PASSWORD_BCRYPT, $options)."n";
if ($hash1 == $hash2) {
echo 'matched';
}
但这并不是很有用,因为您想要从user获得$password1和$hash2从商店然后:
if (password_verify($password1, $hash2)) {
echo 'matched';
}