如何使用密码散列和PDO使我的代码更安全?我的代码实际上正在工作,但它根本不安全,我不想使用MD5,因为它并不那么安全。我一直在查找密码哈希,但我不知道如何将它合并到我的代码中。登录:require_once __DIR__.'/config.php';session_start();$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);$sql = "SELECT * FROM users WHERE username = :u AND password = :p";$query = $dbh->prepare($sql); // prepare$params = array(":u" => $_POST['username'], ":p" => $_POST['password']);$query->execute($params); // execute$results = $query->fetchAll(); // then fetch//hash passwords plsif (count($results) > 0 ){$firstrow = $results[0];$_SESSION['username'] = $firstrow['username'];echo "Hello $username you have successfully logged in";//header ("location:.php");}else{echo "Login Has Failed";return;} 登记册:$dbh = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_USERNAME, DB_USERNAME, DB_PASSWORD);$username = $_POST["username"];$email = $_POST["email"];$password = $_POST["password"];$stmt = $dbh->prepare("insert into users set username='".$username."', email='".$email."', password='".$password."' ");$stmt->execute();echo "<p>Thank you, you are registered</p>";有人能告诉我如何将它合并到我的代码中吗?
3 回答
繁星淼淼
TA贡献1775条经验 获得超11个赞
使用您选择的哈希算法存储注册用户密码的哈希(稍后将详细介绍)。 创建一个随机盐(一个常量、秘密字符串),与用户的密码一起使用,如上面所述,创建哈希,然后将该哈希存储在DB中。
$HashedPass = hash('sha512', $password);$HashedPass = hash('sha512', $password.SALT_STRING);$HashedPass = hash('sha512', $password.SALT_STRING);添加回答
举报
0/150
提交
取消