如何从PHP中的数据库解密密码?
[英]How to decrypt a password from database in php?
问题描述
I am creating a edit information page, but when i call out the data for password, it is encrypted. 
我正在创建一个编辑信息页面,但是当我调出密码数据时,它会被加密。 Is there a way i could decrypt it? 有办法解密吗?
this is my codes, 这是我的密码
<?php require 'dbfunction.php'; $con = getDbConnect(); if (mysqli_connect_errno($con)) { "Failed to connect to MySQL: " . mysqli_connect_error(); } else { $result = mysqli_query($con, "SELECT * FROM admininfo where name = xyz"); while ($admininfo = mysqli_fetch_array($result)) { ?> <div class="container"> <div class="row"> <center> <h2>Edit Info Administrator</h2> </center> <form> <div class="form-group"> <label class="col-sm-2 control-label">Name</label> <div class="col-md-10"> <input type="text" class="form-control" value="<?php echo $admininfo['name']; ?>" name="name"> </div> </div> <div class="form-group"> <label class="col-sm-2 control-label">Password</label> <div class="col-md-10"> <input type="password" class="form-control" placeholder="<?php echo $admininfo['password']; ?>" name="password"> </div> </div> <div class="form-group"> <label class="col-sm-2 control-label">Comfirm Password</label> <div class="col-md-10"> <input type="password" class="form-control" placeholder="Confirm Password" name="confirmpassword"> </div> </div> <div class="form-group"> <div class="col-sm-10 col-sm-offset-2"> <input type="submit" value="edit account" class="btn btn-primary"> </div> </div> </form> </div> </div> <?php } mysqli_close($con); } ?>
Currently the name is appearing, only the password is encrypted. 当前出现名称,仅密码已加密。
2 个解决方案
解决方案1
5 2015-02-03 15:25:35
There is no way to tell, from the code you've provided, how the password is encrypted. 从您提供的代码中无法得知密码的加密方式。
If it is done properly, then the password will be stored using a salt and a hashing algorithm and not any kind of reversible encryption. 如果操作正确,则将使用盐和哈希算法而不是任何可逆加密来存储密码。 In that case, the answer will be "no". 在这种情况下,答案将是“否”。
You should never need to find out what a password is, only set a new one or compare a submitted one to the existing one. 您永远不需要找出密码是什么,只需设置一个新密码或将提交的密码与现有的密码进行比较即可。 The latter case is handled by running the submitted password through the same hashing algorithm and comparing the two hashes. 后一种情况是通过使用相同的哈希算法运行提交的密码并比较两个哈希来处理的。
Your admin probably shouldn't be setting a new password directly either, they should have access to a function that emails the user a one use only token that they can use to set a new password themselves. 您的管理员也可能不应该直接设置新密码,他们应该可以使用向用户发送电子邮件的功能,该功能只使用一个令牌,用户可以自己设置新密码。
解决方案2
2
This is a bad idea. 这是一个坏主意。 Currently, you're showing $admininfo['password'] as a placeholder. 当前,您正在显示$admininfo['password']作为占位符。 This means its characters will be actually visible on the screen, even if your input is of type password. 这意味着即使您输入的密码类型,其字符也将在屏幕上实际可见。 Anyone looking over your shoulder will be able to see it. 看着你的肩膀的任何人都可以看到它。 Don't do this. 不要这样
Passwords should be stored in the database only hashed and salted. 密码应仅散列和加密后存储在数据库中。 There is a way to check whether a certain plaintext is the original password, but there is no way to decrypt the hash (other than brute force). 有一种方法可以检查某个明文是否为原始密码,但是没有办法解密散列(除了蛮力外)。 This is done like this for obvious security reasons. 出于明显的安全原因,这样做是这样的。
Have a look at password_hash() and password_verify() . 看一下password_hash()和password_verify() 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.