堆栈内存溢出
  简体   繁体   English

如何使用PHP使用MD5加密此密码?

[英]How do I encrypt this password with MD5 using PHP?

 原文  2012-10-01 00:08:57       php/ mysql/ encryption/ login/ md5

问题描述

The code below is from a login script, written in PHP. 下面的代码来自用PHP编写的登录脚本。 The database that it checks passwords against encrypts the passwords using MD5 however when the login script checks against the database for a password, it is checking the raw password without encryption. 它检查密码的数据库使用MD5加密了密码,但是,当登录脚本针对数据库检查密码时,它正在检查未加密的原始密码。 I am familiar with the md5() function but how would I incorporate that into the following: 我熟悉md5()函数,但是如何将其合并到以下代码中: 

<?php
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username && $password) {
    $connect = mysql_connect("host", "user", "password") or die("Couldn't connect");
    mysql_select_db("dbname") or die("Couldn't find the database");

    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrows = mysql_num_rows($query);

    if ($numrows != 0) {
        while ($row = mysql_fetch_assoc($query)) {
            $dbusername = $row['username'];
            $dbpassword = $row['password'];
        }

        if ($username == $dbusername && $password == $dbpassword) {
            echo "You're in! Click <a href='../member.php'>here</a> to enter the member page.";
            $_SESSION['username'] = $username;
        }else{
            echo "Incorrect password";
        }
    }else{
        die("That username does not exist.");
    }
}else{
    die("Please enter a valid username and password.");
}
?>

2 个解决方案

解决方案1
 5  2012-10-01 00:13:03

You should be checking and querying the database for a match, not bringing the results down and checking them locally. 您应该检查和查询数据库是否匹配,而不是降低结果并在本地检查它们。 With that said: 照这样说: 

$password = md5($_POST['password']);

Then also change: 然后还要更改: 

SELECT * FROM users WHERE username='$username' AND password='$password'

But I'd also have a look at using PDO instead of placing the values directly in a SQL query. 但是我也将看看使用PDO而不是将值直接放在SQL查询中。 At the very least you should be using mysql_real_escape_string to avoid injection attacks. 至少应该使用mysql_real_escape_string避免注入攻击。

解决方案2
 0  2013-11-14 07:23:44

    $salt=sha1($postpassword);
    $arr= strlen($postpassword);
    $count=ceil($arr/2);
    $stringarr=str_split($postpassword,$count);
    $password1=hash("sha512", $stringarr['0']); 

    $password2=$salt . ( hash( 'whirlpool', $salt . $stringarr['1'] ) );
    return $password1.$password2;

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在我的PHP代码中加密md5的密码 - How can I encrypt password to md5 in my php code 如何使用php检查两个md5加密值是否相同? - How to check two md5 encrypt value is same or not using php? 在 PHP 和 Jquery 中使用 md5 更改密码 - Change Password using md5 in PHP and Jquery 如何比较md5密码php - How to compare md5 password php 如何在php中邮寄md5密码? - How to mail a md5 password in php? MD5加密表中的所有密码 - MD5 Encrypt all the password in a table 使用 Crypto 将带有 md5 的 PHP openssl_encrypt 转换为 NodeJS - Convert PHP openssl_encrypt with md5 to NodeJS using Crypto 在通过GET发送信息之前,我该如何加密Md5文本输入? - how do i encrypt Md5 text input before sending information via GET? php MD5中的密码散列 - Password hashing in php MD5 Md5盐密码php - Md5 salt password php
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM