PHP md5 and sha1 confusion - why do I get different encryption results?
I have a php function in a php page called encrypt_password that I use when processing a registration form:
    function encrypt_password($password){
        $salt = sha1(md5($password));
        $password = md5($password.$salt);
        return $password;
    }
I try to use it again for when I process the login form but I get a different result.
I get the correct result just by not calling this function and instead just calling:
    $salt = sha1(md5($password));
    $password = md5($password.$salt);
directly on my process_login page. Why would I get a different result by calling encrypt_password?
I hope I have explained this clearly enough!
Thanks!
Comments (3)
I simply cannot believe this to be true. You say you have two pages, one with a registration form and one with a login form.
They both have to encrypt the password the user has posted.
There can be a number of things wrong here, depending on how you find they don't match. Do you just try to login and see an error that your password is wrong? Or did you echo the password hash after a call to encrypt_password? It would be nice to have done that to show us a hash of the password 'test', from both the registration page and the login page. Perhaps someone could've seen a pattern.
Anyway, let me guess:
md5(password) to register, then you read somewhere that was unsafe and added a salt. Now you're comparing two different hashes for the same password, since the password is stored in the database using the old hashing function.
$password with $password = $_POST['password']; I guess. On both pages, I guess too. Are those statements on both pages typo-free? No $password = $_POST['pasword']; there? And are both <input> elements named "password"?

I faced the same problem.
Check the length of the password field in the db: the value after hashing exceeded the limit you specified in the db.

Yep, I checked the code and there is no error. This is my code without any flaws:
So, they are the same. Like Dimme, I thought the same about variable names. But I could not replicate this. Sorry...
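
The checks suggested in the comments above (an older md5(password) value still in the database, a misspelled form field, a password column shorter than the hash), put into one PHP script as an added example that is not code from the thread. diagnose_mismatch() and the sample rows are hypothetical names and constructed data; encrypt_password() is copied from the question.

```php
<?php
// Added example, not code from the thread. diagnose_mismatch() and the
// sample rows below are constructed for illustration.

// The function as posted in the question.
function encrypt_password($password) {
    $salt = sha1(md5($password));
    return md5($password . $salt);
}

// Returns a short reason why $stored (the value read back from the database)
// does or does not match encrypt_password() applied to the submitted form.
function diagnose_mismatch(array $post, $stored) {
    if (!isset($post['password'])) {
        // A typo in $_POST['...'] or in <input name="..."> ends up here.
        return 'no "password" key in POST data; keys seen: ' . implode(', ', array_keys($post));
    }
    $expected = encrypt_password($post['password']);
    if (hash_equals($expected, $stored)) {
        return 'match';
    }
    if (hash_equals(md5($post['password']), $stored)) {
        return 'stored value is plain md5(password) from an older scheme';
    }
    $len = strlen($stored);
    if ($len > 0 && $len < strlen($expected) && strncmp($expected, $stored, $len) === 0) {
        return "stored value is only the first $len of " . strlen($expected) . ' hex characters; column too short';
    }
    return 'unexplained; echo the hash on both pages and compare';
}

// Constructed sample rows: password "test" stored in different ways.
$good = encrypt_password('test');
$cases = array(
    'correct row'      => array(array('password' => 'test'), $good),
    'legacy md5 row'   => array(array('password' => 'test'), md5('test')),
    'VARCHAR(20) row'  => array(array('password' => 'test'), substr($good, 0, 20)),
    'misspelled field' => array(array('pasword' => 'test'), $good),
    'other input'      => array(array('password' => 'test '), $good),
);
foreach ($cases as $label => $case) {
    echo str_pad($label, 18), diagnose_mismatch($case[0], $case[1]), "\n";
}
```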