[英]Can't Login With sha1 Hashed password
I have used sha1 to hash a password upon registration, here's a snippet of code from that:我在注册时使用 sha1 来散列密码,这是其中的一段代码:
$password = sha1 ($_POST['password']);
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$password')";
And here is my code at the login form:这是我在登录表单中的代码:
$email = $_POST['email'];
$password = sha1($_POST['pass']);
$query = mysql_query ("SELECT * FROM admin WHERE email = '$_POST[email]' AND password = $password ");
This wont allow me to log in still, my 'invalid login credentials' is the only result from trying to log in.这不会让我仍然登录,我的“无效登录凭据”是尝试登录的唯一结果。
You need to hash the input password before select您需要在选择之前散列输入密码
$email = $_POST['email'];
$password = md5($_POST['pass']);
$query = mysql_query ("SELECT * FROM admin WHERE email = '$_POST[email]' AND password = '$password'");
Just hash the password before you compare it with the password in the database.在将密码与数据库中的密码进行比较之前,只需对密码进行哈希处理。
$email = mysql_real_escape_string($_POST['email']);
$password = md5($_POST['pass']);
$query = mysql_query ("SELECT * FROM admin WHERE email = '$email' AND password = '$password'");
..and don't forget to escape your input! ..并且不要忘记转义您的输入!
And instead of md5 you should think about using password_hash
and password_verify
, because md5 isn't secure any more.您应该考虑使用
password_hash
和password_verify
而不是 md5,因为 md5 不再安全。
Juste hash before request.在请求之前进行哈希处理。
$email = $_POST['email'];
$password = md5($_POST['pass']);
$query = mysql_query ("SELECT * FROM admin WHERE email = '$_POST[email]' AND password = '$_POST[pass]' ");
And an advice : you should add a salt at register like :还有一个建议:你应该在寄存器中添加一个盐,比如:
$password = md5 ($_POST['password'].'mysalt123465');
$query = "INSERT INTO admin (forename,surname,email,securityq, securitya,password) VALUES ('$forename','$surname','$email','$securityq','$securitya','$password')";
So its harder to crack the pass with brute force.所以用蛮力破解传球更难。
And sha1
is better than md5
for security.在安全性方面,
sha1
优于md5
。
对于密码,请使用password_hash()
因为md5(), sha1(), sha256()
被认为是弱盐并且很容易被破解
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.