代码之家  ›  专栏  ›  技术社区  ›  Barry Beach

MYSQL在记录输入时自动解密我的密码

md5 mysql php
  •  -5
  • Barry Beach  · 技术社区  · 6 年前

    我有一个脚本,可以将电子邮件地址和密码添加到表中。我首先搜索表中是否存在电子邮件地址。如果是,我会给出一条错误消息。如果没有,我添加记录。

    但每次我运行它时,都会添加记录,但密码不会用md5版本的密码更新。我回显了查询,它显示它应该用加密更新密码,但它没有。有什么想法吗? 

    <?php
session_start();
error_reporting(E_ALL);

if (array_key_exists("submit", $_POST)) {
    $link = mysqli_connect("localhost", "eits_Admin", "WebSpinner1", "EITS_Sandbox");
    if (!$link) {
        die("Database connection error");
    }
    $error = '';
    if (!$_POST['email']) {
        $error .= "<br/>An email address is required";
    }
    if (!$_POST['password']) {
        $error .= "<br/>A password is required";
    }   
    if ($error != "") {
        $error = "There were errors in your form - ".$error;
    } else {
        $query = "select id from secretdiary 
                  where email = '".mysqli_real_escape_string($link, $_POST['email'])
                ."' limit 1";
        // echo $query;
        $result = mysqli_query($link, $query);
        if (mysqli_num_rows($result) > 0) {
            $error = "That email address is not available.";
        } else {
            $query = "insert into secretdiary 
                                (email,password) 
                      values ('" . mysqli_real_escape_string($link, $_POST['email']) 
                        . "', '" 
                        . mysqli_real_escape_string($link, $_POST['password']) . "')";

            if (!mysqli_query($link, $query)) {
                $error = "Could not sign you up at this time. Please try again later.";
            } else {
                $encPass = md5(md5(mysqli_insert_id($link)) . $_POST['password']);
                $query = "update secretdiary 
                            set password = '" . $encPass 
                        . "' where id = " . mysqli_insert_id($link) . " limit 1";
                echo $query;
                $result = mysqli_query($link,$query);
                echo "Sign up successful.";
            }
        }
    }
}
?>
<div id="error"><? echo $error; ?></div>
<form method="post">
  <input type="email" name="email" placeholder= "Your Email">
  <input type="password" name="password" placeholder="Password">
  <input type="checkbox" name="stayLoggedIn" value=1>
  <input type="submit" name="submit" value="Sign Up!">
</form>
    1 回复  |  直到 6 年前
        1
  •  1
  •   Isaac    6 年前

    对于一个相对简单的过程,您有很多行代码。就个人而言,可以通过添加 required 在每个HTML表单输入元素的末尾(这是我要做的)

    第三,这里有一种使用Bcrypt对表单中的密码进行散列的方法,这比使用md5散列要好得多。所以,在检查错误之前,请执行您需要执行的任何操作 like counting the usernames and if row > 0 die('username exists)

    当检查用户登录时,只需使用 password_verify() 职能是这样做的

    整洁的代码有助于人们理解您的问题所在,并且通常更易于阅读。我知道你可能只是在找一些 但它在调试时对您有帮助,在您请求帮助时对我们有帮助。

    我会给你一个比你的方法更安全的方法。

    index.php 

        <form method="post" id="regform" action="register.php">
    <input type="text" name="username" placeholder="Enter your email    Address"required/>
    <input type="password" name="password" placeholder="Enter your password" required/>
    <input type="submit" class="indexbttn" id="indexbttn" name="enter"value="enter"/>
</form>


    <?php
$servername = "localhost";
$dbusername = "root";
$dbpassword = "root";
$dbname = "fyp";
try{
$pdo = new PDO("mysql:host=$servername;dbname=$dbname",$dbusername,   $dbpassword);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
print "Error! Unable to connect: " . $e->getMessage() . "<br/>";
die();
}
?>

    单文件 

    <?php
session_start();
require_once ('connect.php');
error_reporting(E_ALL);
ini_set('display_errors', 1);

 if(isset($_POST['enter'])){
  $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
  $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;
  $check (!filter_var($_POST['username'], FILTER_VALIDATE_EMAIL));

  $cnt = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
  $stmt = $pdo->prepare($cnt);
  $stmt->bindValue(':username', $username);
  $stmt->execute();
  $row = $stmt->fetch(PDO::FETCH_ASSOC);
  if($row['num'] > 0){
      die('That username already exists!');
  }
  $passHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
  $insrt = "INSERT INTO users (username, password) VALUES (:username, :password)";
  $stmt = $pdo->prepare($insrt);
  $stmt->bindValue(':username', $username);
  $stmt->bindValue(':password', $passHash);
  $result = $stmt->execute();
  if($result){
    header( "refresh:5;url=index.php" );
echo 'You will be redirected in  5 seconds. If not, click <a       href="index.php">here</a>.';
  }
}
?>


    <?php
 session_start();
require("connect.php");
  if(isset($_POST['enter'])){
$username = !empty($_POST['username']) ? trim($_POST['username']) :   null;
 $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;
$rtrv = "SELECT username, password, userid FROM users WHERE username =       :username";
  $stmt = $pdo->prepare($rtrv);
  //Bind value.
  $stmt->bindValue(':username', $username);
  //Execute.
  $stmt->execute();
  //Fetch row.
   $user = $stmt->fetch(PDO::FETCH_ASSOC);
  //If $row is FALSE.
  if($user === false){
  //Could not find a user with that username!
  die('Incorrect username');
  }
  else{
      $validPassword = password_verify($pass, $user['password']);
    if($validPassword){
        $_SESSION['user_id'] = $user['username'];
        $_SESSION['logged_in'] = time();
        header( "Location: /protected.php" );
        die();
      } else{
          die('Wrong password!');
    }
   }
 }
 ?>
    推荐文章
    Crass  ·  Java和JavaScript中不同的md5哈希结果
    7 年前
    arkhamvm  ·  在哪里可以找到xxhash64和md5碰撞概率统计信息?
    7 年前
    ebann  ·  在大文件上同时计算MD5和SHA1
    7 年前
    mchiappinam  ·  将sha512转换为md5
    8 年前
    lucacerone  ·  将md5哈希转换为R中的bigint
    9 年前
    user3606682  ·  如何在iOS中使用Swift将字符串转换为MD5哈希?
    9 年前
    cgajardo  ·  SQL Server中的MD5索引
    9 年前
    Vlad Pandichi  ·  从数据库读取MD5哈希以允许用户登录
    9 年前
    Adrian-Gabriel Peslar  ·  在Worldpay FuturePay安装上获取“无法验证MD5签名”
    9 年前
    Casey Flynn  ·  nodejs加密模块,hash.update()将所有输入存储在内存中
    9 年前
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号