使用html表单提交密码时,我可以从php文件中看到密码。有没有办法在将密码提交到php文件之前加密/隐藏密码?
答案 0 :(得分:1)
You don't have to worry about the password being accessible in your own PHP file in your own server.
If you are talking about how to obfuscate a password in PHP before to settle it down the database, the easy way is pass it through a hash like a md5, i.e:
$pwd_hashed = md5($_POST['password']);
Remember hash is a one-way function, hence you cannot reverse it, just compare it.
But, if you are asking about how to send encrypted password from the client, then the best option is buy an ssl certificate with which you can add HTTPS to your page which makes the connection encrypted. But you can also hash the data in the client-side using a javascript for that (but it is not recommended).
答案 1 :(得分:1)
Man! It seems like you are yourself printing the password in the submit_form.php file.
Please remove the line:
echo "Password:"; echo ($_REQUEST['psw']);
from the file and it won't display it again.
答案 2 :(得分:0)
您应该在数据库中使用哈希并进行比较。
$password = MD5("hey");
if ($password == "6057f13c496ecf7fd777ceb9e79ae285") {
//where the string is the md5 hash for "hey". You can store it as a hash as well.
echo ("We are in");
} else {
echo ("We are not in");
}