使用Python和Flask,我创建了带有名称,电子邮件,密码和确认密码字段的注册页面。为了将密码以加密格式存储在数据库中,我选择了[[passlib。我已经达到了该代码无法正常工作的地步,根据文档的期望:
name = request.form['name']
email = request.form['email']
password = pbkdf2_sha256.hash(str(request.form['pass']))
confirm = pbkdf2_sha256.hash(str(request.form['confirm']))
if password == confirm:
cur = mysql.connection.cursor()
cur.execute("INSERT INTO users(name, email, password) VALUES(%s, %s, %s)", (name, email, password))
mysql.connection.commit()
但是这可行
name = request.form['name'] email = request.form['email'] password = pbkdf2_sha256.hash(str(request.form['pass'])) confirm = request.form['confirm'] if pbkdf2_sha256.verify(confirm, password): cur = mysql.connection.cursor() cur.execute("INSERT INTO users(name, email, password) VALUES(%s, %s, %s)", (name, email, password)) mysql.connection.commit()
尽管我不确定这是否是正确的方法。我将不胜感激一些建议。
> pbkdf2_sha256.hash('password')
'$pbkdf2-sha256$29000$1pozZkyJUQrB.D.nNAYAwA$Vg8AJWGDIv2LxOUc7Xkx/rTfuaWnxqzlOC30p11KKxQ'
> pbkdf2_sha256.hash('password')
'$pbkdf2-sha256$29000$aa31XmttTek9p5Rybo3Rug$FCaAMh.T6g5FM76XD3omh3rcQgGpAiLzeqRl0wg4E.A'
因此,直接比较无效。另一方面,由于盐存储在输出中,因此函数verify可以重新使用它来生成相同的哈希并比较结果。