[英]Passing password input to a salted hash token before insert to mysql DB
我將數據從表單發布到此邏輯以注冊用戶。 我的問題是,如何在此邏輯中將發布到$ userpw變量中的信息傳遞給令牌,然后將令牌內容作為用戶密碼插入到db中。 我是PHP的新手,請放輕松。 我只是只是更改插入語句以包含令牌變量而不是userpw變量?
//---sanitize function on a different file.
require 'sanitize.php';
//-------------variables including the hashed token--------------
$userid = $username= $userpw = $userfname = $userlname = '';
$salt = "qm&h*";
$pepper = "pg!@";
$token = hash('ripemd128', "$salt$userpw$pepper");
//--------existing insert logic-------------
if (isset($_POST['user_name']) &&
isset($_POST['user_pw']) &&
isset($_POST['user_fname']) &&
isset($_POST['user_lname']))
{
$username = sanitizeString($_POST['user_name']);
$userpw = sanitizeString($_POST['user_pw']);
$userfname = sanitizeString($_POST['user_fname']);
$userlname = sanitizeString($_POST['user_lname']);
$query = "INSERT INTO users (user_name, user_pw, user_fname, user_lname) VALUES" .
"('$username', '$userpw', '$userfname', '$userlname')";
$result = $conn->query($query);
if (!$result) echo "INSERT failed: $query<br>" .
$conn->error . "<br><br>";
根據評論,這是正確的更改:
if (isset($_POST['user_name']) &&
isset($_POST['user_pw']) &&
isset($_POST['user_fname']) &&
isset($_POST['user_lname']))
{
$username = sanitizeString($_POST['user_name']);
$userpw = sanitizeString($_POST['user_pw']);
$userfname = sanitizeString($_POST['user_fname']);
$userlname = sanitizeString($_POST['user_lname']);
$query = "INSERT INTO users (user_name, user_pw, user_fname, user_lname) VALUES" .
"('$username', '$token', '$userfname', '$userlname')";
$result = $conn->query($query);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.