2015-03-24 255 views
0

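I have a problem with my script. When a new user registers, the password is recorded normally. I tried to encrypt it with MD5 or SHA1; it is encrypted correctly in the database, but it automatically changes the value of the password. Example: encrypted password

If I register with the password "mypassword", the data in the database is encrypted correctly. But if I log out and then log in again by entering the password "mypassword", it is not recognized; only the encrypted one is recognized.

This is not normal. I'll try to paste some code.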

<?php 
session_start(); 
include '../_database/database.php'; 
if(isset($_REQUEST['signup_button'])){ 
    $user_email = $_REQUEST['user_email']; 
    $user_firstname = $_REQUEST['user_firstname']; 
    $user_lastname = $_REQUEST['user_lastname']; 
    $user_username = $_REQUEST['user_username']; 
    $user_password = $_REQUEST['user_password']; 
    $sql="INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES('$user_firstname','$user_lastname','$user_email','$user_username', '$user_password',CURRENT_TIMESTAMP,'default.jpg')"; 
     mysqli_query($database,$sql) or die(mysqli_error($database)); 
     $_SESSION['user_username'] = $user_username; 
     header('Location: ../update-profile-after-registration.php?user_username='.$user_username); 
    } 
?> 

And,

  <form class="form col-md-12 center-block" action="components/registration.php" method="post" autocomplete="off"> 
       <div class="row">  
        <div class="col-lg-6" style="z-index: 9;"> 
         <div class="form-group"> 
          <input type="text" class="form-control input-lg" placeholder="First Name" name="user_firstname" required> 
         </div> 
        </div> 
        <div class="col-lg-6" style="z-index: 9;"> 
         <div class="form-group"> 
          <input type="text" class="form-control input-lg" placeholder="Last Name" name="user_lastname" required> 
         </div> 
        </div> 
       </div> 
      <div class="row">  
       <div class="col-lg-12"> 
        <div class="form-group"> 
         <input type="email" class="form-control input-lg" placeholder="Email Address" name="user_email" required> 
        </div> 
       </div> 
      </div> 
      <div class="row"> 
       <div class="col-lg-12"> 
        <div class="form-group"> 
         <div class="input-group"> 
          <span class="input-group-addon"> 
           <!-- http://<?php echo $rws['domain_websiteaddress'];?>/user_username= --> know.me/ 
          </span> 
          <input type="text" class="form-control input-lg" placeholder="username" name="user_username" id="user_username" required> 
          <span class="input-group-addon" id="status"></span> 
         </div> 
        </div> 
        </div>  
       </div> 
       <div class="row">  
        <div class="col-lg-12"> 
         <div class="form-group"> 
          <input type="password" class="form-control input-lg" placeholder="password" name="user_password" required> 
         </div> 
        </div> 
       </div> 
       <div class="row">  
        <div class="col-lg-6"> 
         <div class="form-group"> 
          <button class="btn btn-primary ladda-button" data-style="zoom-in" type="submit" id="SubmitButton" value="Upload" style="float:left;" name="signup_button">Register</button> 
         </div> 
        </div> 
       </div> 
      </form> 
+1

`MD5` and `SHA1` are *not* encryption algorithms. They are *hashing algorithms*. Also, *neither* should be used anymore. They are insecure. – 2015-03-24 21:19:49

+0

Please have a look at the [password_hash()](http://www.php.net/manual/en/function.password-hash.php) and [password_verify](http://www.php.net/manual/en/function.password-verify.php) functions; they are suited for hashing passwords. – martinstoeckli 2015-03-24 21:21:02

+0

Thanks for your answer. I tried password_hash, but it gave me an error. Could you give a simple example? – Okram92 2015-03-24 21:41:41

Answers

0

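The hash algorithms MD5 and SHA-* are not appropriate for hashing passwords, because they are too fast and can therefore be brute-forced too easily. Instead, one should use a slow hash function with a cost factor: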

// Hash a new password for storing in the database. 
// The function automatically generates a cryptographically safe salt. 
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT); 

// Check if the hash of the entered login password, matches the stored hash. 
// The salt and the cost factor will be extracted from $existingHashFromDb. 
$isPasswordCorrect = password_verify($password, $existingHashFromDb); 

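This example shows how to use the PHP functions password_hash() and password_verify(). They will generate a salted BCrypt hash.

Edit:

OK, I will try to make the modifications in your example code. Note that I used prepared statements, because your example is prone to SQL injection. The code is not tested.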

<?php 
session_start(); 
include '../_database/database.php'; 
if(isset($_REQUEST['signup_button'])) 
{ 
    $user_email = $_REQUEST['user_email']; 
    $user_firstname = $_REQUEST['user_firstname']; 
    $user_lastname = $_REQUEST['user_lastname']; 
    $user_username = $_REQUEST['user_username']; 
    $user_password = $_REQUEST['user_password']; 
    // password_hash() requires the algorithm as its second argument.
    $passwordHash = password_hash($user_password, PASSWORD_DEFAULT); 

    $sql = "INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES(?,?,?,?,?,CURRENT_TIMESTAMP,'default.jpg')"; 
    $stmt = $database->prepare($sql); 
    $stmt->bind_param('sssss', $user_firstname, $user_lastname, $user_email, $user_username, $passwordHash); 
    $stmt->execute(); 

    $_SESSION['user_username'] = $user_username; 
    header('Location: ../update-profile-after-registration.php?user_username='.$user_username, true, 303); 
    exit; 
} 
?> 
+0

Hello, thank you for your answer. Can you tell me exactly where to place these variables? Could you give an example for my case? – Okram92 2015-03-25 08:47:29
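
The login side of the thread above, as an added example that is not part of the original posts: the stored hash is fetched with a prepared statement and checked with password_verify(), instead of comparing the typed password with the column. Assumptions: an in-memory SQLite database via PDO stands in for the page's MySQL connection so the script runs on its own, the table is reduced to two columns from the question, and the function names `register_user` and `check_login` are hypothetical.

```php
<?php
// Added example, not the posters' code. SQLite in memory stands in for the
// page's MySQL database; column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The column must hold the whole hash: bcrypt output is 60 characters, and
// 255 leaves room for future algorithms. A shorter column cuts the hash off
// and every later password_verify() call fails.
$db->exec('CREATE TABLE user (
    user_username VARCHAR(64) PRIMARY KEY,
    user_password VARCHAR(255) NOT NULL)');

function register_user(PDO $db, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (user_username, user_password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT user_password FROM user WHERE user_username = ?');
    $stmt->execute([$username]);
    $storedHash = $stmt->fetchColumn();
    if ($storedHash === false) {
        return false; // unknown user
    }
    // Do not compare $password with the column, and do not hash it again and
    // compare strings: every password_hash() call uses a fresh salt, so two
    // hashes of the same password differ. password_verify() reads the salt
    // and cost from the stored hash.
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $update = $db->prepare('UPDATE user SET user_password = ? WHERE user_username = ?');
        $update->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

// Constructed sample data.
register_user($db, 'alice', 'mypassword');
$stored = $db->query('SELECT user_password FROM user')->fetchColumn();
var_dump(check_login($db, 'alice', 'mypassword')); // the typed password
var_dump(check_login($db, 'alice', 'wrong'));      // a wrong password
var_dump(check_login($db, 'alice', $stored));      // the stored hash typed as the password
```

With mysqli, as used in the answer, the same flow applies: prepare the SELECT, bind the username, fetch the `user_password` column and pass it to password_verify().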