Hash 更改新密码后无法使用新密码登录(密码哈希)
我在注册期间对密码进行了哈希处理,也可以使用哈希密码登录。我还实现了一个更改密码页面,其中要求输入旧密码,如果与旧密码匹配,则可以更改。我可以改变它,但后来,它不让我登录。这是我的更改密码aspx.cs代码:Hash 更改新密码后无法使用新密码登录(密码哈希),hash,change-password,Hash,Change Password,我在注册期间对密码进行了哈希处理,也可以使用哈希密码登录。我还实现了一个更改密码页面,其中要求输入旧密码,如果与旧密码匹配,则可以更改。我可以改变它,但后来,它不让我登录。这是我的更改密码aspx.cs代码: string conn = ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString; string str = null; SqlCommand com;
string conn = ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString;
string str = null;
SqlCommand com;
byte up;
protected void btn_update_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(conn);
con.Open();
str = "select * from UserData ";
com = new SqlCommand(str, con);
SqlDataReader reader = com.ExecuteReader();
while (reader.Read())
{
if (BusinessLayer.ShoppingCart.CreateSHAHash(txt_cpassword.Text) == reader["Password"].ToString())
{
up = 1;
}
}
reader.Close();
con.Close();
if (up == 1)
{
con.Open();
str = "update UserData set Password=@Password where UserName='" + Session["New"].ToString() + "'";
com = new SqlCommand(str, con);
com.Parameters.Add(new SqlParameter("@Password", SqlDbType.VarChar, 50));
com.Parameters["@Password"].Value = BusinessLayer.ShoppingCart.CreateSHAHash(txt_npassword.Text);
com.ExecuteNonQuery();
con.Close();
lbl_msg.Text = "Password changed Successfully";
}
else
{
lbl_msg.Text = "Please enter correct Current password";
}
}
在数据库中,它仍然显示哈希密码,但不允许我登录。我成功地从注册到登录,使用了哈希密码,但这一次,当密码被更改时,它无法识别新密码。我错过了什么?谢谢顺便说一句,以下是我在businesslayer中的哈希代码:
public static string CreateSHAHash(string Phrase)
{
SHA512Managed HashTool = new SHA512Managed();
Byte[] PhraseAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Phrase));
Byte[] EncryptedBytes = HashTool.ComputeHash(PhraseAsByte);
HashTool.Clear();
return Convert.ToBase64String(EncryptedBytes);
}
以下是登录代码:
protected void btn_Login_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string checkuser = "select count(*) from UserData where Username = '" + txtUser.Text + "'";
SqlCommand scm = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(scm.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkPassword = "select Password from UserData where Username ='" + txtUser.Text + "'";
SqlCommand passCom = new SqlCommand(checkPassword, conn);
string password = passCom.ExecuteScalar().ToString();
if (password == BusinessLayer.ShoppingCart.CreateSHAHash(txtPassword.Text))
{
Session["New"] = txtUser.Text;
Response.Write("<script>alert('Logged In')</script>");
Response.Redirect("OrderNow.aspx");
}
else
{
lblcrederror.Text = ("Credentials dont match");
}
}
else
{
lblcrederror.Text = ("Credentials dont match");
}
}
登录代码在哪里?此外,还请按产品对问题进行标记,以便对审阅者有所帮助,并且通过不将用户输入与sql语句连接起来,您可以获得适当的答案SPREvent sql注入。您是否调试并查看两个哈希值是否正确,即来自DB和由用户输入的密码生成的哈希值?是的,我可以使用上述给定代码登录。知道密码更改后,在数据库上对注册的passowrd进行散列,新的散列是否正确地存储在数据库中?我还注意到,在单击按钮时,您正在从UserData查询select*,这是整个表,而不仅仅是登录的用户。正确吗?是,密码更改@Nimesh后,密码哈希正确存储