Php 如何在sql中为salt passowrd生成随机字符串?
在sql中添加密码时遇到问题: 下面的代码通过随机生成10个字符的字符串来指定特定密码:Php 如何在sql中为salt passowrd生成随机字符串?,php,mysql,sql,database,salt,Php,Mysql,Sql,Database,Salt,在sql中添加密码时遇到问题: 下面的代码通过随机生成10个字符的字符串来指定特定密码: Update Teacher SET TeacherSalt = SUBSTRING(MD5(RAND()), -10), TeacherPassword = SHA1(CONCAT('009b9b624aaecc4b3217dcd4bfee15ab704745d7',SUBSTRING(MD5(RAND()), -10))) WHERE TeacherPassword = '009
Update Teacher
SET TeacherSalt = SUBSTRING(MD5(RAND()), -10),
TeacherPassword = SHA1(CONCAT('009b9b624aaecc4b3217dcd4bfee15ab704745d7',SUBSTRING(MD5(RAND()), -10)))
WHERE TeacherPassword = '009b9b624aaecc4b3217dcd4bfee15ab704745d7'
但我的问题是,我想更改salt,以便它生成的字符串来自所有这些字符:
./abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvxyzo123456789
有63个字符。php的方法如下:
$salt = "";
for ($i = 0; $i < 40; $i++) {
$salt .= substr(
"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
mt_rand(0, 63),
1);
}
$salt=”“;
对于($i=0;$i<40;$i++){
$salt.=substr(
“/ABCDEFGHIJKLMNOPQRSTUVWXYZABCDFGHIJKLMNOPQRSTUVWXYZ0123456789”,
穆特兰(0,63),
1);
}
但是我怎样才能用上面的sql方式来写呢?如果你真的想随机加盐,那么只能用php生成随机加盐,然后用该加盐对密码进行加密,并将加盐密钥和密码存储在表的两个字段中。表必须有salt字段和password字段。不过,如果您只想使用mysql进行加密,请查看此处 当我们验证用户的登录凭证时,我们遵循相同的过程,只是这次我们使用数据库中的salt,而不是生成一个新的随机salt。我们向其中添加用户提供的密码,运行哈希算法,然后将结果与存储在该用户配置文件中的哈希进行比较 下面的链接可能会给你一些更多的想法。
我希望您现在就明白了。简单地说,用php进行计算。首先从表中获取信息(注意,使用自动递增的ID而不是密码(可能不是唯一的)来选择行)
函数makeMeASalt($max=40){
$i=0;
$salt=“”;
$characterList=“/ABCDEFGHIJKLMNOPQRSTUVXYZABCDFGHIJKLMNOPQRSTUVXYZ0123456789”
而($i<$max){
$salt.=$characterList{mt_rand(0,(strlen($characterList)-1))};
$i++;
}
退还$salt;
}
$hash=crypt($password.makeMeASalt(40))
$query=“更新教师”
设置TeacherSalt=“$salt.”,TeacherPassword=“..$hash.”
其中TeacherID=“$TeacherID.”;
mysql\u query($query)或die(mysql\u error())
这也解决了前面提到的盐分在不同田地之间不一样的问题 可以在MySQL中完成。不过,随机生成的单词并不那么漂亮。关于盐的生成和应用,这一部分并不难 使用2个语句,首先为每个人生成盐,然后应用它们。(注意:如果确实只想将其应用于一个帐户,请添加WHERE子句。) (请注意,用户1和3碰巧有相同的密码。但您不希望它们在经过盐渍和哈希处理后保持相同。) (注意:稍后我将显示特定的字母表版本) 这里有两条语句,每一行都经过了唯一的salt和hash处理
mysql> update salty set salt=SUBSTRING(MD5(RAND()), -10);
mysql> select * from salty;
+------+------+------------+
| id | pw | salt |
+------+------+------------+
| 1 | fish | 00fe747c35 |
| 2 | bird | ee4a049076 |
| 3 | fish | 6a8285f03c |
+------+------+------------+
现在,对于随机生成指定字母表的单词,ELT()有一个难看的技巧。对于64个字符的字母表中的10个字母的单词:
UPDATE salty SET salt=CONCAT(
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9')
)
mysql> select * from salty;
+------+------+------------+
| id | pw | salt |
+------+------+------------+
| 1 | fish | TzHO0e5I/k |
| 2 | bird | 65xLptoDZ3 |
| 3 | fish | JNok/SfmkG |
+------+------+------------+
很可怕,不是吗?但是,在一个MySQL语句中执行此操作可能比在PHP中循环并每行执行一个(或两个)查询要快得多,特别是当您必须将其应用于具有数百万条记录的表时;一次查询一个丑陋的查询,而不是一次查询数百万个查询
但正如其他人所说,SHA1真的不再是一个足够好的散列了
如果您确实有很多记录,那么可以使用两个类似的MySQL查询来更新所有记录,以使用SHA2作为临时解决方案,然后在一段时间内使用PHP将它们单独更新为更强的散列。当然,您需要知道给定记录使用了哪个哈希
作为补充说明,如果您只更新一行(如示例中所示),那么您可能可以使用MySQL变量临时保存随机生成的字符串足够长的时间来更新该行的两列:
mysql> SET @salt=SUBSTRING(MD5(RAND()), -10); UPDATE salty SET salt=@salt,pw=SHA1(CONCAT(pw,@salt)) WHERE id=2; SET @salt=NULL;
通过这种方式,@salt中的相同值用于凝结盐和pw计算。不过,对于多行的更新来说,这是行不通的(它们最终都会使用相同的盐)。我想在适当的时候给予赞扬:Ray上面的回答为我的回答提供了所有的见解。在回顾他的答案时,我实现了它,但是我通过使用函数和调用其他函数的函数清理了它的实现方式。这是雷回答的澄清版本。(感谢Ray的出色响应!)这也比让php生成要快得多 我创建了两个函数。第一个返回一个随机选择的字符。第二个递归地调用第一个来构建任意长度的随机生成的字符串(例如用于盐胡椒场景等)。第二个限制为字符串长度255,但是您可以很容易地修改它。您可以将返回的字符更改为所需的任何有效字符,只需记下数组中有多少个字符,从而将64更改为您输入的任意数量。我故意按照Ray的顺序重新排列数组中所有字符的顺序,只是为了完全随机输出 默认情况下,函数生成被阻止,并且必须通过脚本(我使用Dbeaver)在命令行中输入,以便只有根管理员(在数据库上)才能输入函数生成。我选择了这个更安全的路径,而不是像一些人建议的那样更改日志记录,或者试图在脚本开始时定义生成函数的人 因为函数定义需要;其中包括,必须首先将命令行分隔符更改为$$,然后在完成输入的函数后,将其更改回$$;这只是因为我是通过控制台输入的,而不是从我的首选工具(Dbeaver)输入的 函数不能使用DECLARE,而必须使用SET。 SET变量名称前面的@是必需的
mysql> update salty set pw=sha1(concat(pw,salt));
mysql> select * from salty;
+------+------------------------------------------+------------+
| id | pw | salt |
+------+------------------------------------------+------------+
| 1 | ac1b74c36b4d2426460562e8710bd467bd034fc8 | 00fe747c35 |
| 2 | d63d035f9cac1ac7c237774613b8b702d8c227df | ee4a049076 |
| 3 | 6a0b1e36f489ef959badf91b3daca87d207fb5de | 6a8285f03c |
+------+------------------------------------------+------------+
UPDATE salty SET salt=CONCAT(
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9'),
ELT(1+FLOOR(RAND()*64),
'.','/',
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
'0','1','2','3','4','5','6','7','8','9')
)
mysql> select * from salty;
+------+------+------------+
| id | pw | salt |
+------+------+------------+
| 1 | fish | TzHO0e5I/k |
| 2 | bird | 65xLptoDZ3 |
| 3 | fish | JNok/SfmkG |
+------+------+------------+
mysql> SET @salt=SUBSTRING(MD5(RAND()), -10); UPDATE salty SET salt=@salt,pw=SHA1(CONCAT(pw,@salt)) WHERE id=2; SET @salt=NULL;
/* Testing Purposes:
SELECT f_generateRandomLetter64();
*/
DROP FUNCTION IF EXISTS f_generateRandomLetter64;
DELIMITER $$
CREATE FUNCTION f_generateRandomLetter64()
RETURNS varchar(1)
CONTAINS SQL
READS SQL DATA
NOT DETERMINISTIC
BEGIN
SET @thisResult = '';
SET @thisResult = ELT(1+FLOOR(RAND()*64),
'/','a','b','c','d','e','f','g','h','i','j','k','P','Q','R','S','T','U','V','W','X','Y','Z',
'.','A','B','C','D','E','F','G','4','8','9','5','6','z','1','2','3','7','l','m','n','o','p',
'q','r','s','H','I','J','K','L','M','N','O','t','u','v','w','x','y','0'
);
RETURN @thisResult;
END $$
DELIMITER ;
/* Testing Purposes:
SELECT f_generateRandomString(128);
SELECT LENGTH(f_generateRandomString(10));
*/
DROP FUNCTION IF EXISTS f_generateRandomString;
DELIMITER $$
CREATE FUNCTION f_generateRandomString(var_strLength int)
RETURNS varchar(255)
CONTAINS SQL
READS SQL DATA
NOT DETERMINISTIC
BEGIN
SET @thisResult = '';
WHILE var_strLength > 0 DO
SET @thisResult = CONCAT( @thisResult,f_generateRandomLetter64() );
SET var_strLength = var_strLength -1;
END WHILE;
RETURN @thisResult;
END $$
DELIMITER ;