将哈希与哈希 mysql 密码进行比较时出错(输出值相等)
我试图将 mysql 数据库中的哈希密码值与登录表单中输入的密码的哈希值进行比较。
然而,当我比较这两个值时,它说它们不相等。我简单地将盐去除,然后测试输出是什么并得到相同的值
$password1 = $_POST['password'];
$hash = hash('sha256', $password1);
...connect to database, etc...
$query = "SELECT *
FROM users
WHERE username = '$username1'";
$result = mysql_query($query);
$userData = mysql_fetch_array($result);
if($hash != $userData['password']) //incorrect password
{
echo $hash."|".$userData['password'];
die();
}
...other code...
示例输出:
7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361| 7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361
有什么想法吗?
Im trying to compare a hashed password value in a mysql database with the hashed value of an inputted password from a login form.
However, when I compare the two values it says they aren't equal. I removed the salt to simply, and then tested what the outputs were and got the same values
$password1 = $_POST['password'];
$hash = hash('sha256', $password1);
...connect to database, etc...
$query = "SELECT *
FROM users
WHERE username = '$username1'";
$result = mysql_query($query);
$userData = mysql_fetch_array($result);
if($hash != $userData['password']) //incorrect password
{
echo $hash."|".$userData['password'];
die();
}
...other code...
Sample output:
7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361| 7816ee6a140526f02289471d87a7c4f9602d55c38303a0ba62dcd747a1f50361
Any thoughts?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
我遇到了完全相同的问题。
var_dump()告诉我,我有两个具有相同属性的变量,string(128)。我能够进行比较的唯一方法是将散列值转换为字符串:I was having the exact same problem.
var_dump()was telling me that I had two variables with the same properties,string(128). The only way I was able to get the comparison to work was to cast the hashed values as strings:尝试使用
strcmp。使用 == 或 != 进行字符串比较很少能顺利进行。由于某种原因,它很可能将其视为数字而导致比较失败。
Try using
strcmp. String comparisons with == or != rarely go well.It may very well be treating it as a number for some reason and failing the comparison.
尝试将 != 切换为 == 并切换内容。像这样
我不知道为什么会发生这种情况,但你可以确定它会在我的情况下工作
编辑:你在你的情况下做错了。 对我有用
Try switching != to == and switch content. Like this
I'm not sure why is that happening but you can be sure it will work in my case
EDIT: you did something wrong in your case. works for me
== 是对象 hashcode 比较,需要使用 strcmp 函数来比较字符串文字。
== is an object hashcode comparison, you need to use a strcmp function to compare string literals.
不确定你是否解决了这个问题,但我只是在同样的问题上浪费了 30 分钟。结果我的 mysql 值末尾有一个额外的空格。这是我手动添加到数据库的测试用户,在复制和粘贴散列密码时不知何故获得了额外的空间。
不确定这是否适用于您的情况,但我想我还是会分享。
Not sure if you ever got this solved but I just wasted 30 minutes with the exact same problem. Turns out my mysql value had an extra space at the end. It was a test user I manually added to the database and somehow got an extra space when copying and pasting the hashed password.
Not sure if this applies to your situation or not but I thought I'd share anyway.