我的脚本有问题。录制新用户密码时,会正常录制。我试图用MD5或sha1加密,在数据库中正确加密,但它会自动更改密码的值。例如:
如果我使用密码“mypassword”注册,则在数据库中正确加密。但是,如果我退出,然后通过输入密码“mypassword”再次连接,则不会识别更多,但只识别一个加密。
这样做并不正常。我尝试粘贴一些代码。
<?php
session_start();
include '../_database/database.php';
if(isset($_REQUEST['signup_button'])){
$user_email = $_REQUEST['user_email'];
$user_firstname = $_REQUEST['user_firstname'];
$user_lastname = $_REQUEST['user_lastname'];
$user_username = $_REQUEST['user_username'];
$user_password = $_REQUEST['user_password'];
$sql="INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES('$user_firstname','$user_lastname','$user_email','$user_username', '$user_password',CURRENT_TIMESTAMP,'default.jpg')";
mysqli_query($database,$sql) or die(mysqli_error($database));
$_SESSION['user_username'] = $user_username;
header('Location: ../update-profile-after-registration.php?user_username='.$user_username);
}
?>
和
<form class="form col-md-12 center-block" action="components/registration.php" method="post" autocomplete="off">
<div class="row">
<div class="col-lg-6" style="z-index: 9;">
<div class="form-group">
<input type="text" class="form-control input-lg" placeholder="First Name" name="user_firstname" required>
</div>
</div>
<div class="col-lg-6" style="z-index: 9;">
<div class="form-group">
<input type="text" class="form-control input-lg" placeholder="Last Name" name="user_lastname" required>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<input type="email" class="form-control input-lg" placeholder="Email Address" name="user_email" required>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon">
<!-- http://<?php echo $rws['domain_websiteaddress'];?>/user_username= --> know.me/
</span>
<input type="username" class="form-control input-lg" placeholder="username" name="user_username" id="user_username" required>
<span class="input-group-addon" id="status"></span>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<div class="form-group">
<input type="password" class="form-control input-lg" placeholder="pasword" name="user_password" required>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-6">
<div class="form-group">
<button class="btn btn-primary ladda-button" data-style="zoom-in" type="submit" id="SubmitButton" value="Upload" style="float:left;" name="signup_button"/>Register</button>
</div>
</div>
</div>
</form>
答案 0 :(得分:0)
哈希算法MD5和SHA- *不适合哈希密码,因为它们太快,因此太容易暴力破解。相反,应该使用具有成本因子的慢哈希函数:
// Hash a new password for storing in the database.
// The function automatically generates a cryptographically safe salt.
$hashToStoreInDb = password_hash($password, PASSWORD_DEFAULT);
// Check if the hash of the entered login password, matches the stored hash.
// The salt and the cost factor will be extracted from $existingHashFromDb.
$isPasswordCorrect = password_verify($password, $existingHashFromDb);
此示例显示如何使用PHP函数password_hash()和password_verify()。他们将生成盐渍的BCrypt哈希。
编辑:
好的,我会尝试在您的示例代码中进行修改。请注意,我使用了预准备语句,因为您的示例很容易进行SQL注入。代码未经过测试。
<?php
session_start();
include '../_database/database.php';
if(isset($_REQUEST['signup_button']))
{
$user_email = $_REQUEST['user_email'];
$user_firstname = $_REQUEST['user_firstname'];
$user_lastname = $_REQUEST['user_lastname'];
$user_username = $_REQUEST['user_username'];
$user_password = $_REQUEST['user_password'];
$passwordHash = password_hash($user_password);
$sql = "INSERT INTO user(user_firstname,user_lastname,user_email,user_username,user_password,user_joindate,user_avatar) VALUES(?,?,?,?,?,CURRENT_TIMESTAMP,'default.jpg')";
$stmt = $database->prepare($sql);
$stmt->bind_param('sssss', $user_firstname, $user_lastname, $user_email, $user_username, $passwordHash);
$stmt->execute();
$_SESSION['user_username'] = $user_username;
header('Location: ../update-profile-after-registration.php?user_username='.$user_username, true, 303);
exit;
}
?>