PHP:哈希代码不再工作了？

Question

我使用这个哈希函数一段时间(从互联网上获取).事情是它曾经立即工作,但现在它抱怨一个参数.以下是代码:

function generateHash($plainText, $salt = null)
{

    if ($salt === null)
    {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($salt . $plainText);
}

所以我会在方法调用中使用这段代码:

validateUserInput($userid, $pass);

和validateUserInput是:

function validateUserInput($username, $password)
{
    //$username = mysql_real_escape_string($username);
    //$password = mysql_real_escape_string($password);

    if(!$username || !$password)
    {
        //$errors['credentials'] = 'Missing Credentials!';
        //$_SESSION['errors_array'] = $errors;
        //echo $errors['credentials'];
        header("LOCATION:XXXXXXX.php");
    }

    $local_salt = generateHash($password);
    //echo $local_salt;
    $groupid;

    if($username != null && $password !=null)
    {   
        connectToServer();
        $result = mysql_query("SELECT * FROM users WHERE hashkey = '{$local_salt}'");

        while($row_access = mysql_fetch_array($result))
        {
            $groupid = $row_access['groupid'];
        }
        if(!isset($result))
        {
            $errors['not_found_user'] = 'No Users Found with Provided Credentials!';
            //$_SESSION['errors_array'] = $errors;
            $userfound = 0;
            $_SESSION['user_available'] = $userfound;
        }elseif(isset($result)){
            $_SESSION['user_logged'] = array('username' => $username, 'password' => $password, 'salt' => $local_salt, 'groupid' => $groupid);
            $userfound = 1;
            //echo "stored";
            $_SESSION['user_available'] = $userfound;
        }       
    }
}

最后的错误是:

Warning: substr() expects parameter 3 to be long, string given in /home/XXXX.php on line 64

这是指向功能 generateHash()

Answer 1

错误本身告诉你一切.常数SALT_LENGTH不是long.我怀疑这是没有定义好,所以PHP裸字符串转换为字符串("SALT_LENGTH"),并把该给substr(),哪些抱怨.

那就是说......这段代码是错误的:

1. if(!isset($result)):真的吗？这种情况将永远是假的,因为$result将始终被设置(除非你遇到了一个问题mysql_query(),但是,这并不告诉你登录的任何valididty).由于mysql_query()永不返回null,因此不会拒绝任何登录.

2. 这个查询:

   SELECT * FROM users WHERE hashkey = '{$local_salt}'
   

   是无效的.$local_salt = generateHash($password);.从generateHash函数中,如果没有给出一个盐,将随机为您创建一个.因此,每次调用generateHash都会生成一个新的哈希值,这意味着它无法与数据库中的任何内容进行比较.

基于上面两个(非常)令人震惊的错误,我会抛弃这段代码.

使用salt时检查有效哈希的正确方法如下:

$_SESSION['user_logged'] = null;

// fetch hashed pw from db, where username is the submitted username
$result = mysqli_query("SELECT hash FROM users WHERE username = '{$username}'");

if ($result->num_rows != 0) 
{
     $row = $result->fetch_assoc();    
     $hash = $row['hash'];

     $salt = substr($hash, 0, SALT_LENGTH); // extract salt 

     if (generateHash($password, $salt) == $hash) 
     {
         // login successful. 
         $_SESSION['user_logged'] = $username; // don't store passwords here
     }
}

// if $_SESSION['user_logged'] is not set, the login failed
if (!isset($_SESSION['user_logged'])) 
{
    // you *don't* want to tell people which one (login or pw) is invalid
    echo 'Invalid login or password';
}

注意:最重要的SALT_LENGTH是最多32个,否则由于实现的方式不起作用generateHash().