数据库 mysql 散列密码
[英]Database mysql hashing passwords
问题描述
so I'm trying to hash some passwords from a database from a login form and when I try first time to login it works with the password from database then I hash it with MD5 then when I come back to the login page I want to put the previously used password to log me in but it changed to the MD5 one.
所以我正在尝试 hash 从登录表单中的数据库中获取一些密码,当我第一次尝试登录时,它使用数据库中的密码然后我 hash 使用 MD5 然后当我回到登录页面时,我想输入以前使用的密码让我登录,但它更改为 MD5 密码。 Is there any solution to have the MD5 one in the database and me to login with the first used?Thanks in advance (smecher.j is a variable who is 0)有什么解决方案可以让数据库中的 MD5 和我使用第一个登录的方式登录吗?在此先感谢(smecher.j 是一个为 0 的变量)
public void validateLogin(){
DatabaseConnection connectNow = new DatabaseConnection();
DatabaseConnection connectNow2 = new DatabaseConnection();
Connection connectDB = connectNow.getConnection();
Connection connectDB2 = connectNow2.getConnection();
String verifyLogin = " SELECT count(1) FROM user_account WHERE username = '" + usernameTextField.getText() + "' AND password ='" + enterPasswordField.getText() +"'";
String insertFields3 = " UPDATE user_account SET password = MD5(password) WHERE username = '" + usernameTextField.getText() +"'";
try{
Statement statement = connectDB.createStatement();
Statement statement2 = connectDB2.createStatement();
ResultSet queryResult = statement.executeQuery(verifyLogin);
while(queryResult.next()){
if(queryResult.getInt(1)==1){
login1();
if(smecher.j==0) {
statement2.executeUpdate(insertFields3);
smecher.j++;
}
text1=enterPasswordField.getText();
}else{
loginMessageLabel.setText("Invalid login, please try again");
}
}
lol();
}catch(Exception e){
e.printStackTrace();
e.getCause();
}
}
public static String text1 = "";
public void lol() {
Connection conn = null;
Statement st = null;
ResultSet rs = null;
String dbUrl = "jdbc:mysql://localhost:3306/databaselol?autoReconnect=true&useSSL=false";
String dbUsr = "root";
String dbPass = "!Iloriana12";
try {
String sql = "SELECT password FROM user_account where username = '" + usernameTextField.getText() + "'";
Class.forName("com.mysql.cj.jdbc.Driver");
conn = DriverManager.getConnection(dbUrl, dbUsr, dbPass);
st = conn.createStatement();
rs = st.executeQuery(sql);
while(rs.next()){
String value = rs.getString("password");
text1 =value;
}
System.out.println(text1);
}catch(Exception e){
e.printStackTrace();
}finally{
try {
rs.close();
} catch (SQLException e) {
e.printStackTrace();
}
try {
st.close();
} catch (SQLException e) {
e.printStackTrace();
}
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
}
}
1 个解决方案
解决方案1
-1 已采纳 2021-05-18 23:28:16
when saving password you should save it encrypted and when you verify the password you should verify comparing the encrypted versions of the password as in.保存密码时,您应该将其加密保存,当您验证密码时,您应该验证比较密码的加密版本,如
String verifyLogin = " SELECT count(1) FROM user_account WHERE username = '" + usernameTextField.getText() + "' AND password =MD5('" + enterPasswordField.getText() +"')";
String insertFields3 = " UPDATE user_account SET password = MD5('" + enterPasswordField.getText() + "') WHERE username = '" + usernameTextField.getText() +"'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.