我是学习者并创建了我的第一个网站。 在添加登录并向我的网站添加新用户表单后,我开始知道我不能将我的密码保存在DB中作为纯文本。我做了一些搜索,找到了关于md5(),盐,加密等等。我的大多数发现来自同一个网站,但有更长的长码,我无法理解。 总之,我想知道我必须对我的代码进行哪些修改(如下所示)?
添加新用户/管理员表单:
<form action="add_user.php" method="post">
<label for="new_username">New User Name : </label><input type="text" name="username" placeholder = "New User Name"><br>
<label for="new_password">New Password :</label><input type="password" name="password" placeholder = "New Password"><br>
<label for="confirm_password"> Confirm Password :</label><input type="password" name="againpassword" placeholder = "Enter Password Again"><br>
<p id="btn">
<input type="submit" value="Save" name="Submit-Event" style="font-size:16px"><input type="reset" value="Reset" style="font-size:16px"><br>
</form>
php文件:add_user.php
<?php
$server="localhost";
$user="root";
$password="";
$database="camouflage_studio";
$con = mysqli_connect($server,$user,$password,$database);
if (mysqli_connect_errno())
{
echo "Connection Error: " . mysqli_connect_error();
}
//check if password matches
$firstpassword = $_POST['password'];
$secondpassword = $_POST['againpassword'];
$username = $_POST['username'];
if(($firstpassword == $secondpassword) and $firstpassword !== '' and $username !== '')
{
// prepare and bind
$stmt = $con->prepare("insert into users (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $_POST['username'], $_POST['password']);
if(mysqli_stmt_execute($stmt))
{
echo '<script language="javascript" type="text/javascript">
alert("User Added succesfully");
window.location = "admin.php";
</script>';
}
else
echo "Prepare Error: ",$con->error; //remove $con->error before making ONLINE THE CODE.
}
else
{ echo '<script language="javascript" type="text/javascript">
alert("Incorrect Credentials!");
window.location = "add_user.html";
</script>';
}
$stmt->close();
$con->close();
?>