我需要一个帮助来加密传递给我的演示注册表单的密码。
这是我在表单操作中的execute.php
<?php
session_start();
include('db.php');
$username=$_POST['username'];
$result = mysqli_query($db,"SELECT * FROM member WHERE
username='$username'");
$num_rows = mysqli_num_rows($result);
if ($num_rows) {
header("location: register.php?remarks=failed");
}
else
{
$date = date("Y-m-d");
$fullname= $_POST['fullname'];
$username=$_POST['username'];
$password=$_POST['password'];
mysqli_query($db,"INSERT INTO member(date, fullname, username, password)VALUES('$date', '$fullname',
'$username','$password',)");
header("location: register.php?remarks=success");
}
?>
这是我的registercheck.php include
<?php
session_start();
include("db.php");
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$username=mysqli_real_escape_string($db,$_POST['username']);
$password=mysqli_real_escape_string($db,$_POST['password']);
$result = mysqli_query($db,"SELECT * FROM member");
$c_rows = mysqli_num_rows($result);
if ($c_rows!=$username) {
header("location: index?remark_login=failed");
}
$sql="SELECT mem_id FROM member WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$active=$row['active'];
$count=mysqli_num_rows($result);
if($count==1)
{
$_SESSION['login_user']=$username;
header("location: profile");
}
}
?>
我不知道该怎么做。请帮我。任何评论都将非常感谢。
答案 0 :(得分:3)
你不会。 MD5对于密码不够安全。这是非常快速和高度皱眉 相反,您可以选择使用password_hash和password_verify 手册页很好地解释了如何使用它们。
首先,您将password_hash的内容存储到您的数据库中(注册期间)。
$password=password_hash($_POST['password'], PASSWORD_DEFAULT);
要检查密码是否匹配(当您执行登录检查时),您首先SELECT数据库中的password并使用password_verify
if(password_verify($_POST['password'], $row['password'])){
//password matches
}