Encryption: encrypting passwords
I have a problem with my script. When a new user's password is recorded, it is recorded normally. I tried to encrypt it with MD5 or SHA1; it is encrypted correctly in the database, but it automatically changes the value of the password. For example: if I register with the password mypassword, the password in the database will be encrypted correctly. However, if I log out and then log in again by entering the password mypassword, the password is no longer recognized; only the encrypted password is recognized. This is not normal. I tried to paste some code:
<?php
session_start();
include '../_database/database.php';
if(isset($_REQUEST['signup_button'])){
$user_email = $_REQUEST['user_email'];
$user_firstname = $_REQUEST['user_firstname'];
$user_lastname = $_REQUEST['user_lastname'];
$user_username = $_REQUEST['user_username'];
$user_password = $_REQUEST['user_password'];
$sql="INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES('$user_firstname','$user_lastname','$user_email','$user_username', '$user_password',CURRENT_TIMESTAMP,'default.jpg')";
mysqli_query($database,$sql) or die(mysqli_error($database));
$_SESSION['user_username'] = $user_username;
header('Location: ../update-profile-after-registration.php?user_username='.$user_username);
}
?>
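and
The hash algorithms MD5 and SHA-* are not suitable for hashing passwords, because they are too fast and can therefore be brute-forced too easily. Instead, a slow hash function with a cost factor should be used: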
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
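This example shows how to use the PHP functions password_hash() and password_verify(). They will produce a salted BCrypt hash.
Edit:
OK, I will try to make the modifications in your example code. Note that I used prepared statements, because your example is prone to SQL injection. The code is not tested.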
<?php
session_start();
include '../_database/database.php';
if(isset($_REQUEST['signup_button']))
{
$user_email = $_REQUEST['user_email'];
$user_firstname = $_REQUEST['user_firstname'];
$user_lastname = $_REQUEST['user_lastname'];
$user_username = $_REQUEST['user_username'];
$user_password = $_REQUEST['user_password'];
// password_hash() requires the algorithm as its second argument.
$passwordHash = password_hash($user_password, PASSWORD_DEFAULT);
$sql = "INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES(?,?,?,?,?,CURRENT_TIMESTAMP,'default.jpg')";
$stmt = $database->prepare($sql);
$stmt->bind_param('sssss', $user_firstname, $user_lastname, $user_email, $user_username, $passwordHash);
$stmt->execute();
$_SESSION['user_username'] = $user_username;
header('Location: ../update-profile-after-registration.php?user_username='.$user_username, true, 303);
exit;
}
?>
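MD5 and SHA1 are not encryption algorithms. They are hashing algorithms. And neither should be used anymore. They are not secure. Take a look at the and functions, which are suitable for hashing passwords.
Thanks for your answer, I tried password_hash but it gives me an error. Can you give me a simple example?
Hello, thanks for your answer. Can you tell me exactly where these variables go? Can you give me an example using my code?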
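The login side that the thread never shows, as an added example that is not part of the original posts: it reproduces the symptom from the question (the typed password no longer matches once a hash is stored) next to the check that works. The `$users` array standing in for the `user` table and the helper names `register()` and `login()` are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the `user` table: username => stored user_password.
$users = [];

function register(array &$users, string $username, string $password): void
{
    // Store only the hash. A fresh random salt is generated and embedded
    // in the result on every call.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array &$users, string $username, string $password): bool
{
    $stored = $users[$username] ?? null;
    if ($stored === null) {
        return false; // unknown user
    }
    // password_verify() reads the algorithm, cost and salt out of $stored,
    // re-computes the hash of the typed password and compares the two.
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash transparently when PASSWORD_DEFAULT or its cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'alice', 'mypassword');
$stored = $users['alice'];

// Broken comparisons that produce the behaviour described in the question:
var_dump($stored === 'mypassword');                                  // plaintext against a hash
var_dump(password_hash('mypassword', PASSWORD_DEFAULT) === $stored); // new salt, different hash

// Checks through login():
var_dump(login($users, 'alice', 'mypassword')); // the real password
var_dump(login($users, 'alice', $stored));      // the stored hash typed as the password
var_dump(login($users, 'alice', 'wrong'));      // a wrong password
```

In the schema from the question, the `user_password` column must be wide enough for the full hash (the PHP manual recommends 255 characters), because a truncated hash never verifies.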