我正在尝试使用散列的密码和盐使网站安全。我成功实现了它。但是,如果用户想更改其密码,则变得困难。如何重新编码我拥有的更改密码,以支持刚刚实现的hashedpassword和salt?
这是我的changepassword表单-change_password.php
<form method="post" id="change_password" class="form-horizontal">
<div class="control-group">
<label class="control-label" for="inputEmail">Current Password</label>
<div class="controls">
<input type="hidden" id="password" name="password" value="<?php echo $row['password']; ?>" placeholder="Current Password">
<input type="password" id="current_password" name="current_password" placeholder="Current Password">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">New Password</label>
<div class="controls">
<input type="password" id="new_password" name="new_password" placeholder="New Password">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Re-type Password</label>
<div class="controls">
<input type="password" id="retype_password" name="retype_password" placeholder="Re-type Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-info"><i class="icon-save"></i> Save</button>
</div>
</div>
</form>
这是我的jQuery脚本
<script>
jQuery(document).ready(function(){
jQuery("#change_password").submit(function(e){
e.preventDefault();
var password = jQuery('#password').val();
var current_password = jQuery('#current_password').val();
var new_password = jQuery('#new_password').val();
var retype_password = jQuery('#retype_password').val();
if (password != current_password)
{
$.jGrowl("Password does not match with your current password ", { header: 'Change Password Failed' });
}else if (new_password != retype_password){
$.jGrowl("Password does not match with your new password ", { header: 'Change Password Failed' });
}else if ((password == current_password) && (new_password == retype_password)){
var formData = jQuery(this).serialize();
$.ajax({
type: "POST",
url: "update_password.php",
data: formData,
success: function(html){
$.jGrowl("Your password is successfully change", { header: 'Change Password Success' });
var delay = 2000;
setTimeout(function(){ window.location = 'dashboard_teacher.php' }, delay);
}
});
}
});
});
</script>
这是我的update_password.php
<?php
include('dbcon.php');
include('session.php');
$new_password = $_POST['new_password'];
mysql_query("update admins set password = '$new_password' where admins_id = '$session_id'")or die(mysql_error());
?>
这是我的login.php
$query = "select * from admins where username = '$usernameVal';";
$resultSet = mysqli_query($conn,$query);
if(@mysqli_num_rows($resultSet) > 0){
//check noraml user salt and pass
//echo "noraml";
$saltQuery = "select salt from admins where username = '$usernameVal';";
$result = mysqli_query($conn,$saltQuery);
$row = mysqli_fetch_assoc($result);
$salt = $row['salt'];
$saltedPW = $escapedPW . $salt;
$hashedPW = hash('sha256', $saltedPW);
$query = "select * from admins where username = '$usernameVal'
and password = '$hashedPW' ";
$resultSet = mysqli_query($conn,$query);
if(@mysqli_num_rows($resultSet) > 0){
$row = mysqli_fetch_assoc($resultSet);
echo "your username and password is correct";
session_start();
$_SESSION["id"]=$row["admins_id"];
header("location:group/dashboard_teacher.php");
}
else
{
echo "your username or password is incorrect";
}
}
}
?>