在昨天接受了关于散列我的用户名的教育之后,我决定使用MySQL中的AES_ENCRYPT and DECRYPT函数来安全地存储我的用户名。现在我可以用这个加密并存储在我的数据库中:
$con=mysqli_connect($servername, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$stmt = $con->prepare("INSERT INTO users (username, password) VALUES (AES_ENCRYPT(?, '$aesKey'), ?)");
$stmt->bind_param("ss", $username, $password);
$username = $_POST['username'];
$plainPass = $_POST['password'];
$password = password_hash($plainPass, PASSWORD_ARGON2I);
$stmt->execute();
$stmt->close();
$con->close();
echo "";
}
?>
我正在使用一个256位的加密密钥,它是从配置文件加载的,被称为
$aesKey
但是,当我尝试登录时,我无法。什么都没发生。没有SQL错误被打印,但是我得到了
PHP Notice: Undefined variable: username
. 代码如下:
$submittedUser = $_POST['username'];
$submittedPass = $_POST['password'];
$con=mysqli_connect($servername, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if ($stmt = mysqli_prepare($con, "SELECT * FROM users Where username =AES_DECRYPT(?, '$aesKey')")) {
mysqli_stmt_bind_param($stmt, "s", $submittedUser);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
echo mysqli_error($con);
}
while($row = mysqli_fetch_array($result))
{
$username = $row['username'];
$password = $row['password'];
}
if ($submittedUser == $username && password_verify($submittedPass, $password))
{
$_SESSION['user']=$username;
//echo "";
// exit;
}
else
{
//echo "";
// exit;
}
mysqli_close($con);
}
?>
我注释掉了重定向,因为我最初认为它们是导致错误消息无法打印的原因。有人能帮我吗?我好像搞不懂什么不管用。
编辑:我把声明改回了
"SELECT * FROM users Where username =AES_ENCRYPT(?, '$aesKey')"
Array ( [0] => 5�uY��V�s~"�ܮ� [username] => 5�uY��V�s~"�ܮ� [1] => $argon2i$v=19$m=1024,t=2,p=2$akcuREppYk1ERjRlUi5ZQw$yIdC5oMblekARArcB0XjwwmWywJ824iM8FmKqAu+9ys [password] => $argon2i$v=19$m=1024,t=2,p=2$akcuREppYk1ERjRlUi5ZQw$yIdC5oMblekARArcB0XjwwmWywJ824iM8FmKqAu+9ys )`
编辑2:这是数据库结构。未加密的用户名应该是evan,未加密的密码应该是edwards。
--
-- Table structure for table `users`
--
CREATE TABLE `users` (
`username` text NOT NULL,
`password` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `users`
--
INSERT INTO `users` (`username`, `password`) VALUES
('5ÃuY¯úVõs~\"Ãîâ¬', '$argon2i$v=19$m=1024,t=2,p=2$NWZQS2Q3dE1ORndjaUdpWg$vOR3DBT+IhdAXIt7YUPDiExalf1lsMeIVe/zTZDDYfU');
编辑3:运行以下代码:
include 'config.php';
$con=mysqli_connect($servername, $dbusername, $dbpassword, $dbname);
$result = mysqli_query($con,"SELECT * FROM `users`");
while($row = mysqli_fetch_array($result))
{
echo $row['username'];
echo "
";
echo $row['password'];
}
mysqli_close($con);
?>
给出以下结果:
5�uY��V�s~"�ܮ�
$argon2i$v=19$m=1024,t=2,p=2$NWZQS2Q3dE1ORndjaUdpWg$vOR3DBT+IhdAXIt7YUPDiExalf1lsMeIVe/zTZDDYfU