I need to create a random key store in MySQL. If I use:
<?php echo md5(rand(10000,99999)); ?>
Where can I store it?
<?php
require 'config.inc.php';

// Trim surrounding whitespace from every submitted field
foreach ($_POST as $k => $v) {
    $_POST[$k] = trim($v);
}

if (!isset($_POST['produgg_username']) or !isset($_POST['produgg_password']) or !isset($_POST['produgg_email'])) {
    print "Please use all fields";
} elseif (empty($_POST['produgg_username'])) {
    print "Please choose a username";
} elseif (empty($_POST['produgg_password'])) {
    print "Please choose a password";
} elseif (empty($_POST['produgg_email'])) {
    print "Please enter an email address";
} elseif (!filter_var($_POST['produgg_email'], FILTER_VALIDATE_EMAIL)) {
    print "Please enter a valid email address";
} elseif (!preg_match("/^[a-z0-9]+$/i", $_POST['produgg_username'])) {
    print "Please use only characters and numbers for username";
} elseif ($usersClass->checkUserExists($_POST['produgg_username'])) {
    print "Username Taken, please choose another";
} else {
    // Password is stored as a plain md5() hash here (see the answers below)
    if ($usersClass->register($_POST['produgg_username'], md5($_POST['produgg_password']), $_POST['produgg_email'])) {
        print "success";
        $toemail = $_POST['produgg_email'];
        $touser  = $_POST['produgg_username'];
        // Send activation email
        $to      = $toemail;
        $subject = "Activation";
        $headers = "From: support@friendr.co.uk";
        $body    = "Howdy $touser!
To activate your please click on the following link - http://www..co.uk/activateuser.php?email=$toemail";
        mail($to, $subject, $body, $headers);
    } else {
        print "Something weird happened and we couldn't setup the account!";
    }
}
?>
Answer 0 (score: 3)
First, it looks like you are storing user passwords as plain md5()... Don't do that, it's a security risk. You are putting your users and yourself at risk. Use a stronger hashing algorithm, or bcrypt, to strengthen the key. See this answer for more information.
It looks like you are trying to generate a nonce for e-mail activation.
If anything, a Universally Unique IDentifier (UUID) will do the job. It has a very low chance of collision and allows 3×10^38 unique values (once a value has been used, you can reuse it for another user depending on your use case).
You can use this function I wrote to generate a UUID in PHP. What you want is a v4 UUID.
function UUIDv4() {
    // 16 random bytes, one string element per byte
    $bytes = str_split(crypto_random_bytes(16));
    // Set UUID version number (high nibble of byte 6 = 0100)
    $bytes[6] = $bytes[6] & "\x0f" | "\x40";
    // Set UUID DCE 1.1 variant (top two bits of byte 8 = 10)
    $bytes[8] = $bytes[8] & "\x3f" | "\x80";
    $uuid = bin2hex(implode($bytes));
    return sprintf('%08s-%04s-%04s-%04s-%12s',
        // 32 bits for "time_low"
        substr($uuid, 0, 8),
        // 16 bits for "time_mid"
        substr($uuid, 8, 4),
        // 16 bits for "time_hi_and_version",
        // four most significant bits hold version number 4
        substr($uuid, 12, 4),
        // 16 bits, 8 bits for "clk_seq_hi_res",
        // 8 bits for "clk_seq_low",
        // two most significant bits hold one and zero for variant DCE 1.1
        substr($uuid, 16, 4),
        // 48 bits for "node"
        substr($uuid, 20, 12)
    );
}

// Best-effort source of random bytes: OpenSSL, then /dev/urandom, then a
// time/PID-seeded md5 chain as a last resort. (On PHP 7+ the built-in
// random_bytes() function supersedes all three.)
function crypto_random_bytes($count) {
    static $randomState = null;
    $bytes = '';
    if (function_exists('openssl_random_pseudo_bytes') &&
        (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
        $bytes = openssl_random_pseudo_bytes($count);
    }
    if ($bytes === '' && is_readable('/dev/urandom') &&
        ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
        $bytes = fread($hRand, $count);
        fclose($hRand);
    }
    if (strlen($bytes) < $count) {
        // Fallback: not a CSPRNG, only used when the sources above are unavailable
        $bytes = '';
        if ($randomState === null) {
            $randomState = microtime();
            if (function_exists('getmypid')) {
                $randomState .= getmypid();
            }
        }
        for ($i = 0; $i < $count; $i += 16) {
            $randomState = md5(microtime() . $randomState);
            if (PHP_VERSION >= '5') {
                $bytes .= md5($randomState, true);
            } else {
                $bytes .= pack('H*', md5($randomState));
            }
        }
        $bytes = substr($bytes, 0, $count);
    }
    return $bytes;
}
Answer 1 (score: 0)
Use the uniqid() function instead of using md5. Make sure more_entropy is set to true.
i.e.
uniqid('prefix', true);
Change 'prefix' to something suitable for your application.
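As an added example (not code from the question or from either answer), the following PHP shows how the registration flow in the question could store the password and the e-mail activation nonce the way Answer 0 recommends: the password goes through password_hash() (bcrypt under PASSWORD_DEFAULT) instead of md5(), the activation token comes from random_bytes() (PHP 7+), and only a SHA-256 hash of that token is written to MySQL, with an expiry, so a dump of the users table does not yield working activation links. It uses random_bytes() rather than the uniqid() suggested in Answer 1 because the PHP manual documents uniqid() as not cryptographically secure. The users table schema, column names, base URL and connection details are assumptions for the example.

```php
<?php
// Added example; assumes PHP >= 7.0, PDO with the MySQL driver, and this
// (assumed) table:
//   CREATE TABLE users (
//     id INT AUTO_INCREMENT PRIMARY KEY,
//     username VARCHAR(64) UNIQUE NOT NULL,
//     email VARCHAR(255) NOT NULL,
//     password_hash VARCHAR(255) NOT NULL,
//     activation_hash CHAR(64) NULL,
//     activation_expires DATETIME NULL,
//     active TINYINT(1) NOT NULL DEFAULT 0
//   );
declare(strict_types=1);

// Unguessable activation token from the CSPRNG: 32 random bytes -> 64 hex
// chars. Unlike md5(rand()) or uniqid(), this cannot be predicted from the
// clock or the process id.
function makeActivationToken(): string
{
    return bin2hex(random_bytes(32));
}

// Only the hash of the token is stored. A plain SHA-256 is fine here because
// the token already carries 256 bits of entropy; the slow hash is reserved
// for the (low-entropy) user password.
function tokenHash(string $token): string
{
    return hash('sha256', $token);
}

function registerUser(PDO $db, string $username, string $password, string $email): string
{
    // password_hash() picks a per-user salt and a work factor; PASSWORD_DEFAULT
    // currently means bcrypt. Never store md5($password).
    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
    $token = makeActivationToken();

    // Prepared statement: user-supplied values never touch the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO users (username, email, password_hash, activation_hash, activation_expires)
         VALUES (:u, :e, :p, :h, DATE_ADD(NOW(), INTERVAL 24 HOUR))'
    );
    $stmt->execute([
        ':u' => $username,
        ':e' => $email,
        ':p' => $passwordHash,
        ':h' => tokenHash($token),
    ]);
    // The plaintext token goes only into the e-mail link, never into the DB.
    return $token;
}

function activationLink(string $baseUrl, string $token): string
{
    // The token alone identifies the pending row; the e-mail address does not
    // need to appear in the URL.
    return $baseUrl . '/activateuser.php?token=' . rawurlencode($token);
}

function activateUser(PDO $db, string $token): bool
{
    // Look the row up by token hash; expired or already-used tokens match
    // nothing, and the hash is cleared so the link works exactly once.
    $stmt = $db->prepare(
        'UPDATE users SET active = 1, activation_hash = NULL, activation_expires = NULL
         WHERE activation_hash = :h AND active = 0 AND activation_expires > NOW()'
    );
    $stmt->execute([':h' => tokenHash($token)]);
    return $stmt->rowCount() === 1;
}

function verifyLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash, active FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['active'] !== 1) {
        return false;
    }
    // password_verify() reads the algorithm, cost and salt out of the stored
    // hash and compares in constant time.
    return password_verify($password, $row['password_hash']);
}

// Usage (connection details are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $token = registerUser($db, 'alice', 'correct horse battery staple', 'alice@example.com');
// mail('alice@example.com', 'Activation', 'Click: ' . activationLink('https://example.com', $token));
// ...later, from activateuser.php:
// $ok = activateUser($db, $_GET['token'] ?? '');
```

The split between the two hashes is deliberate: the activation token is high-entropy and only needs a fast one-way function so the database never holds the usable secret, whereas the password is low-entropy and needs bcrypt's per-user salt and tunable cost to slow down offline guessing if the table leaks. Because activateUser() clears activation_hash on success and requires active = 0, a captured activation link cannot be replayed after it has been used or after the 24-hour window.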