MD5盐登录系统
[英]MD5 Salt Login System
问题描述
Hey guy's i'm trying to make a login system which uses MD5 encryption for the password.
嘿家伙,我正在尝试制作一个使用 MD5 加密密码的登录系统。 I have the encrypting to work and all it's just for some reason when i enter the password "palmer" into the login page and click the login button i made it send me to a page where it tells me encrypted password and using "palmer" as the password it outputs this "Duncan Logged in using password 4844fd4088ef5278ad18f892808ebda8 - palmer".我有加密工作,这只是出于某种原因,当我在登录页面中输入密码“palmer”并单击登录按钮时,我让它将我发送到一个页面,它告诉我加密密码并使用“palmer”作为它输出的密码是“Duncan Logged in using password 4844fd4088ef5278ad18f892808ebda8 - palmer”。 THe password in the database when encrypted is "4669a6b46c8d891b373cfcd664dff6".加密时数据库中的密码为“4669a6b46c8d891b373cfcd664dff6”。 Why are the two passwords different?为什么两个密码不一样? I am using the same Salt(the salt is "a123b123".我使用的是相同的盐(盐是“a123b123”。
Below is my code which encrypts password on register:以下是我在注册时加密密码的代码:
$password = $_POST['password'];
$md5pass = md5($salt.md5($password));
Below is my login code.下面是我的登录代码。
<?php
session_start();
include('config/config.php');
$email = $_POST['email'];
$password = $_POST['password'];
$pass2 = md5($salt.md5($password));
$check = mysql_query("SELECT `email`,`password` FROM user WHERE (`email`='$email' AND `password`='$pass2')") or die(mysql_error());
$count = mysql_num_rows($check);
//if($count == 1) {
$_SESSION['user'] = strtoupper($user);
//header('Location: /panel/index.php');
echo("Duncan Logged in using password $pass2 - $pass");
//} else {
//$_SESSION['errormsg'] = "<div id='error'><strong>Error:</strong> Invalid Username or Password!</div>";
//header('Location: index.php');
//}
?>
3 个解决方案
解决方案1
7 2011-08-15 09:15:38
you have to store your salt – and please, use a random salt, this way two users with the same password will get a different digest: – somewhere for later use:你必须存储你的盐——请使用随机盐,这样两个具有相同密码的用户将获得不同的摘要:——供以后使用的地方:
$salt = sha1(getRandomSalt());
$digest = sha1($password.$salt).'$'.$salt; // use sha1 instead of md5
later you can check the provided password with the same salt:稍后您可以使用相同的盐检查提供的密码:
list($stored_pw, $stored_salt) = explode('$', $stored_digest);
if($stored_pw == sha1($user_provided_pw.$stored_salt)) {
echo 'user provided correct password';
}
解决方案2
3 2011-08-15 09:19:24
You should really use bcrypt for this.你真的应该为此使用 bcrypt 。 There is more on bcrypt on previous Stack Overflow post How do you use bcrypt for hashing passwords in PHP?在之前的 Stack Overflow 帖子中有更多关于 bcrypt 的内容如何在 PHP 中使用 bcrypt 对密码进行哈希处理?
bcrypt is considered the most secure way to implement password hashing with salt because it is slow - much slower than an MD5. bcrypt 被认为是使用 salt 实现密码散列的最安全方法,因为它很慢 - 比 MD5 慢得多。
解决方案3
2 2013-05-12 15:36:26
Just a little comment to knittl's solution from above:从上面对 knittl 的解决方案做一点评论:
You need to replace the line您需要更换线路
if($stored_pw = sha1($user_provided_pw.$stored_salt)) {
by经过
if($stored_pw == sha1($user_provided_pw.$stored_salt)) {
to get it working.让它工作。
(I tried to add it to knittl's post, but it says edits need to be at least 6 characters long) (我试图将它添加到 knittl 的帖子中,但它说编辑需要至少 6 个字符长)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.