我对如何加密要在数据库中输入的新密码感到困惑。当我输入密码时,它将加密并检查数据库是否正确,并验证新密码,将其更改为纯文本。if (count($_POST) > 0) { $result = mysqli_query($conn, "SELECT *from users WHERE id='" . $_SESSION["id"] . "'"); $row = mysqli_fetch_array($result); if (MD5(mysqli_real_escape_string($_POST["currentPassword"] == $row["password"]))) { mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE id='" . $_SESSION["id"] . "'"); $message = "Password Changed"; } else $message = "Current Password is not correct";}
3 回答
慕雪6442864
TA贡献1812条经验 获得超5个赞
// password encryption for security.
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$salt = base64_encode($salt);
$salt = str_replace('+', '.', $salt);
$hash = crypt($pass, '$2y$10$'.$salt.'$');
//echo ("".$hash."<br />\n");
$pass 是密码输入中的密码
保存$hash到数据库
使用从数据库中获得的密码来验证密码 $hash
if(password_verify($pass, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
更新并尝试该过程
12345678_0001
TA贡献1802条经验 获得超5个赞
//password encryption
$user_password = "1234";
$hash_pass = password_encryption($user_password, PASSWORD_BCRYPT, array('cost'=>10);
//"$user_password"-password obtained from the user input
//"$hash_pass" -encrypted password stored in a database
//verify the user password with that obtained from the database
if(password_verify($user_password, $hash_pass)){
echo "password is valid";
}else{
echo "password is not valid";
}
试试这个。
- 3 回答
- 0 关注
- 158 浏览
添加回答
举报
0/150
提交
取消