Php 在android上加密密码并存储在DB中
我已经为android建立了一个完整的注册/登录系统,一切都是通过无线和服务器端数据库进行的,问题是现在我的密码被直接保存到数据库中(没有加密),我搜索了大量的网站、软件帖子和线程,但实际上没有任何帮助 我读过关于md5和sha1、河豚和bcrypt的书,但无法理解这种晶相图的正确实现 连接是使用php请求进行的。注册码如下:Php 在android上加密密码并存储在DB中,php,android,mysql,encryption,passwords,Php,Android,Mysql,Encryption,Passwords,我已经为android建立了一个完整的注册/登录系统,一切都是通过无线和服务器端数据库进行的,问题是现在我的密码被直接保存到数据库中(没有加密),我搜索了大量的网站、软件帖子和线程,但实际上没有任何帮助 我读过关于md5和sha1、河豚和bcrypt的书,但无法理解这种晶相图的正确实现 连接是使用php请求进行的。注册码如下: if($_SERVER['REQUEST_METHOD']=='POST'){ $username = $_POST['username']; $password =
if($_SERVER['REQUEST_METHOD']=='POST'){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$Firstname = $_POST['fname'];
$Lastname = $_POST['lname'];
$Date = $_POST['Date'];
require_once('db_config.php');
$check_username_email = "SELECT * FROM Users WHERE Username ='$username' AND Email = '$email'";
$check_u_e = mysqli_fetch_array(mysqli_query($db,$check_username_email));
$check_username = "SELECT * FROM Users WHERE Username ='$username'";
$check_u = mysqli_fetch_array(mysqli_query($db,$check_username));
$check_email = "SELECT * FROM Users WHERE Email ='$email'";
$check_e = mysqli_fetch_array(mysqli_query($db,$check_email));
if(isset($check_u_e)){
echo 'Username AND Email already exist, please change them Both.';
}
else if(isset($check_u)){
echo 'Username already exists, please change it.';
}
else if (isset($check_e)){
echo 'Email already exists, please change it.';
} else{
$sql = "INSERT INTO Users(Email,Username,Bio,Password,Fname,Lname,Regiser_Date) VALUES ('$email','$username',NULL,'$password','$Firstname','$Lastname','$Date')";
if(mysqli_query($db,$sql)){
echo "You have been successfully Registered";
} else{
echo "Sorry, something went wrong - Try again.";
}
}
}else{
echo 'Server error - Please try again later.';
mysqli_close($db);
}
if($_SERVER['REQUEST_METHOD']=='POST'){
$username = $_POST['username'];
$password = $_POST['password'];
require_once('db_config.php');
$sql = "SELECT * FROM Users WHERE Username = '$username' AND Password = '$password'";
$result = mysqli_query($db,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
echo 'Logged In';
}
else{
echo 'Failed to login';
}
}
除了飞地,一切都很好。有人能给我指点迷津吗?我了解到它需要两个方面,一个来自客户端(android应用程序),一个来自php服务器端,所以它是这样的,在DB中存储密码时,使用任何散列或加密,如bcrypt、md5、sha1,并将其存储在数据库中。 当用户想要登录时,再次使用相同的散列或加密机制将数据库中存储的值与用户传递的值进行比较。 如果是,则成功登录 那么现在, 您对insert的查询将显示如下内容:
$sql = "INSERT INTO Users(Email,Username,Bio,Password,Fname,Lname,Regiser_Date) VALUES ('$email','$username',NULL,'md5($password)','$Firstname','$Lastname','$Date')";
$options = [
'cost' => 12,
];
echo password_hash("password", PASSWORD_BCRYPT, $options)."\n";
要加密密码,可以使用函数。 在您的注册码中,在插入查询之前添加以下内容:
$options = [
'cost' => 12,
];
$password = password_hash($password, PASSWORD_BCRYPT, $options);
$sql = "SELECT password FROM Users WHERE Username = '$username'";
$result = mysqli_query($db,$sql);
if(!$row = mysqli_fetch_assoc($result)){
echo "failed to login(invalid username)";
die();
//login failed->add code to redirect to login page
}
if(password_verify($password, $row['password'])){
//password match the stored hash
echo "logged in";
//sucessfully logged->retrive all additional data you need, save session, redirect to homepage etc...
}
else echo "failed to log in(invalid password)";
你会找到关于PasWordDHASH()和PaseWordVIEFIFY()的所有信息,但请考虑:
我已经试过了,但是md5太弱了,我想要一个更好的加密方法。。你知道吗?
password\u hash$sql = "SELECT password FROM Users WHERE Username = '$username'";
$result = mysqli_query($db,$sql);
if(!$row = mysqli_fetch_assoc($result)){
echo "failed to login(invalid username)";
die();
//login failed->add code to redirect to login page
}
if(password_verify($password, $row['password'])){
//password match the stored hash
echo "logged in";
//sucessfully logged->retrive all additional data you need, save session, redirect to homepage etc...
}
else echo "failed to log in(invalid password)";