我正在尝试登录并注册我的网站。我已经使用哈希对密码进行加密,但无法重新登录。登录页面的代码如下
这是我用来加密密码的
public string ToSHA2569(string value)
{
SHA256 sha256 = SHA256.Create();
byte[] hashData = sha256.ComputeHash(Encoding.Default.GetBytes(value));
StringBuilder returnValue = new StringBuilder();
for (int i = 0; i < hashData.Length; i++)
{
returnValue.Append(hashData[i].ToString());
}
return returnValue.ToString();
}
这是我的注册页面
protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
using (SqlConnection sqlcon = new SqlConnection(connectionString))
{
sqlcon.Open();
SqlCommand cmd = new SqlCommand("UserRegister", sqlcon);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@Name", txtName.Text.Trim());
cmd.Parameters.AddWithValue("@Email", txtEmail.Text.Trim());
cmd.Parameters.AddWithValue("@Password", ToSHA2569(txtPassword.Text.Trim()));
cmd.Parameters.AddWithValue("Created", DateTime.Now);
cmd.ExecuteNonQuery();
lblMessage.Text = "You have registered succussfully";
}
}
catch (Exception ex)
{
lblWrong.Text = "Something went wrong please try again later";
}
}
}
这是我的登录页面 我认为这里有问题。使用加密密钥代替散列会更容易吗?
protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
using (SqlConnection sqlcon = new SqlConnection(connectionString))
{
sqlcon.Open();
string checkPasswordQuery = "select Password from [dbo.Register] where Username ='" + ToSHA2569(txtEmail.Text) + "'";
SqlCommand passcom = new SqlCommand(checkPasswordQuery, sqlcon);
if (txtPassword.Text == ToSHA2569(txtPassword.Text))
{
Response.Redirect("default.aspx");
}
else
{
Response.Write("Password is not correct");
}
}
}
catch
{
lblWrong.Text = "Something went wrong please try again later";
}
}
答案 0 :(得分:-1)
string checkPasswordQuery =“从[dbo.Register]中选择密码,其中用户名='” + ToSHA2569(txtEmail.Text)+“'”;
在此处加密电子邮件的原因是什么?
尝试更改为以下内容,以您在其中加密数据库中输入的密码。
如果(checkPasswordQuery == ToSHA2569(txtPassword.Text))