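I have a database of hashed WordPress passwords. I am trying to check a user's password against the password stored in the database, but the hashes do not match. I am using this GitHub code, with some logging added in isMatch(). Any ideas why these passwords don't match? The plain-text password is alberta10.
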
    public boolean isMatch(String password, String storedHash) {
        // The first 12 digits of the hash is used to modify the encryption.
        String setting = storedHash.substring(0, 12);
        logger.log(Level.INFO, "----Hashed pwd from db is: " + storedHash);
        logger.log(Level.INFO, "----Hashed pwd using PHP-pass: " + encrypt(password, setting));
        return storedHash.equals(encrypt(password, setting));
    }

Here is my authenticate() method:

    private void authenticate(String username, String password) throws Exception {
        // Throw an Exception if the credentials are invalid
        PasswordHasher pwdHasher = new PasswordHasher();
        _logger.log(Level.INFO, "----Authenticating user: " + username);
        try {
            Connection conn = authenticationBiz.connwordpressDB();
            String query = "SELECT * FROM wp_users WHERE user_login = ?";
            PreparedStatement preparedStmt = conn.prepareStatement(query);
            preparedStmt.setString(1, username);
            ResultSet rs = preparedStmt.executeQuery();
            rs.next(); // get first result
            _logger.log(Level.INFO, "----Hashed pwd from db is: " + rs.getString("user_pass"));
            if (pwdHasher.isMatch(password, rs.getString("user_pass")))
                return;
        }
        catch (Exception e) {
            _logger.log(Level.INFO, "----Exception in Authenticating user: " + e);
            throw e;
        }
        throw new Exception();
    }

Here is the log output:

    ----Hashed pwd from db is: $P$BeatnTVG2/U8KZwpaWbPUF4yghHEKf.
    17:21:40,997 INFO [com.mollom.PHPass] (default task-37) ----Hashed pwd from db is: $P$BeatnTVG2/U8KZwpaWbPUF4yghHEKf.
    ----Hashed pwd using PHP-pass: $P$BeatnTVG2etvrth3rlCUdiNRm93PO9xZjXNr1f5s8izUZFfIq70V

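Best answer

It turns out the GitHub project I was using did not match the original standard used to generate the hashes. I found that https://github.com/Wolf480pl/PHPass works flawlessly.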