[英]Login doesn't work with not hashed password only hashed ones
my login on my website doesn't work with regular password only the hashed passwords, how can I fix it我在我的网站上的登录不能使用常规密码,只能使用散列密码,我该如何修复它
<?
include '../../engine/config.php';
//Ïðîâåðÿåì àâòîðèçàöèþ,åñëè âñå õîðîøî,ïóñêàåì
if(empty($_COOKIE["pass"]) || $_COOKIE["pass"]=="")
{
header("Location: login.php");
}
else
{
$per = explode(":", $_COOKIE["pass"]);
$pass_md5 = $per[0];
$login = $per[1];
$search = mysql_query("SELECT * From ".$account['table']." WHERE ".$account['name']."='$login'");
$user = mysql_fetch_array($search);
if($pass_md5 != md5(md5($user["".$account['pass'].""])))
{
setcookie("pass", "", 0, "/");
header("Location: login.php");
}
}
//?>
There are quite a number of problems with your code, which could affect you (security wise):您的代码存在很多问题,可能会影响您(安全方面):
md5()
calls doesn't guarantee security. MD5 非常不安全,即使运行 10 个嵌套的md5()
调用也不能保证安全。You can rewrite your code as follows:您可以按如下方式重写代码:
include '../../engine/config.php';
if (empty($_COOKIE['pass']) || $_COOKIE['pass'] == '') {
header("Location: login.php");
} else {
$per = explode(":", $_COOKIE['pass'])
$password = $per[0];
$login = $per[1];
$search = mysql_query("SELECT * FROM " . $account['table'] . " WHERE " . $account['name'] . " = '$login' LIMIT 1"); // Included an option LIMIT 1 to end the query and speed it up
$user = mysql_fetch_array($search);
if (!password_verify($password, $user[$account['pass']])) {
setcookie("pass", "", 0, "/");
header("Location: login.php");
}
}
// You don't really need the closing bracket, unless you are going to write HTML code
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.