stackoom
  简体   繁体   中英

Encode password using php shall and decode it in cookie

 原文  2016-01-25 03:39:19       php/ cookies/ salt

Question

I want to remember username and password. When check cookie will set and hash the password but when retuning the hashed password in password field it also show hashed vale here is my code to encode and decode please can someone give a better solution? 

I use this to remember password
<?php
if($_POST['remember']) {
$remember_user = trim($_POST['username']);
$remember_pass = trim($_POST['password']);

$salt = "@g26jQsG&nh*&#8v";
$password_hash =  sha1($remember_pass.$salt);

setcookie('remember_user', $remember_user, $year);
setcookie('remember_pass', $password_hash, $year);


                $cookie_name = 'siteAuth';
        $cookie_time = time() - 100;
       $password_hash =  sha1($remember_pass.$salt);
   setcookie ($cookie_name, 'usr='.$remember_user.'&hash='.$password_hash, time() + $cookie_time);



}
else if(!$_POST['remember']) {
    if(isset($_COOKIE['remember_user']) && parse_str($_COOKIE['remember_pass'])) {

    if(($usr == $remember_user) && ($hash == md5($remember_pass)))
        {
        $_SESSION['username'] = $remember_user;
        }

                $cookie_name = 'siteAuth';
                $cookie_time = time() - 100;
                  setcookie ($cookie_name, 'usr='.$remember_user.'&hash='.$password_hash, time() + $cookie_time);

    }


}
?>

Here is my html part that i want to display the remembered password 

      <input id="password" name="password" placeholder="Password" type="text" autocomplete="on" value="<?php    
  $salt="@g26jQsG&nh*&#8v"; 
  $password = sha1($_COOKIE['remember_pass'].$salt); echo $password; ?>"/>

But still am getting this in output f58b28222887e5cd4d10ec75d4bf2617c13a3f4a I want to return the original password how can i do that?

2 answers

solution1
 0  2016-01-25 03:52:36

Take a look at password_hash and password_verify .

See: http://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/

solution2
 0  2016-01-25 03:55:50

Usually when you want to authenticate,Either you or anybody else should never know the client's password! never means never !

if you wish to Authenticate you should always follow this procedure :

Client Register : hash(password+salt) =>insert to DB Client Authentication : you check if 

hash(Input_Password+salt)==(Password in DB)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Encode and decode url message ID using php encode json from javascript and decode using php encode by php and decode by js PHP encode/decode Encode and Decode in Javascript and php JSON encode and decode on PHP Encode in ASP and decode in PHP PHP json encode and decode PHP: Decode from Encode? how to encode a string in javascript or jquery and decode it using php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM