尝试对我的密码进行哈希处理但没有成功

发布于 2024-11-03 00:20:21 字数 976 浏览 4 评论 0原文

我对 php 安全性相当陌生，对于我的网站，我是注册和登录，我想添加 md5 他们的密码，但我找不到任何地方有关于需要添加到哪些内容的明确指南注册，以及需要添加到登录文件和/或数据库中的内容，正如我所说，我在网络安全方面对 php 相当陌生，所以我需要一些帮助，这是我所拥有的部分在我的注册表单上：

    $error = $user = $pass = "";
if (isset($_SESSION['user'])) destroySession();

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);


    if ($user == "" || $pass == "")
    {
        $error = "Not all fields were entered<br /><br />";
    }
    else
    {
        $query = "SELECT * FROM members WHERE user='$user'";

        if (mysql_num_rows(queryMysql($query)))
        {
            $error = "Username already taken<br /><br />";
        }
        else
        {
            $query = "INSERT INTO members VALUES('$user', '$pass')";
            queryMysql($query);
            die("<h4>Account created</h4>Please Log in.");
        }

    }
}

我只需要一个示例或一个很好的指南来说明我需要做什么才能使其正常工作。

原文

I am fairly new to php security, and for my site, I was a sign up and login, and I want to add md5 their passwords, but I can't find anywhere which has a clear guide on what needs to be added to the sign up, and what needs to be added to the login files, and/or the database, as I say I am fairly new to php in terms of web security, so I am in need of some help, here's part of what I have on my sign up form:

    $error = $user = $pass = "";
if (isset($_SESSION['user'])) destroySession();

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);


    if ($user == "" || $pass == "")
    {
        $error = "Not all fields were entered<br /><br />";
    }
    else
    {
        $query = "SELECT * FROM members WHERE user='$user'";

        if (mysql_num_rows(queryMysql($query)))
        {
            $error = "Username already taken<br /><br />";
        }
        else
        {
            $query = "INSERT INTO members VALUES('$user', '$pass')";
            queryMysql($query);
            die("<h4>Account created</h4>Please Log in.");
        }

    }
}

I just need an example or a good guide of what I need to do to get it working correctly.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

清君侧 2024-11-10 00:20:21

我认为您正在寻找加盐然后散列您的密码。只需将您选择的字符串添加到密码的前面（如果您愿意，也可以添加到密码的末尾），然后使用 MD5 对其进行哈希处理。

例如，

$pass = 'mypassword';
$salt = 'S%gh3578';  //anything you want
$pepper = 'w890rrk'; //anything you want
$query = "INSERT INTO members VALUES('$user', md5('".$salt.$pass.$pepper."'))";
queryMysql($query);

这将使用加盐 MD5 加密将密码存储在数据库中，并且无法使用使用未加盐 MD5 加密的常见密码查找表来反转该密码。

要检查密码是否有效，您可以执行类似的操作：

$passToCheck = 'something';
$correctMD5 = (retrieve hash from db)
if($salt.$passToCheck.$pepper == $correctMD5)
{    
   //valid login
} else {
   //login failure
}

I think you're looking to salt and then hash your passwords. Simply add a string of your choosing to the front (and if you wish, to the end) of your password before hashing it using MD5.

e.g.

$pass = 'mypassword';
$salt = 'S%gh3578';  //anything you want
$pepper = 'w890rrk'; //anything you want
$query = "INSERT INTO members VALUES('$user', md5('".$salt.$pass.$pepper."'))";
queryMysql($query);

This will store the password in the database using salted MD5 encryption that cannot be reversed using a lookup table of common passwords using unsalted MD5 encryption.

To check if a password is valid, you do something similar:

$passToCheck = 'something';
$correctMD5 = (retrieve hash from db)
if($salt.$passToCheck.$pepper == $correctMD5)
{    
   //valid login
} else {
   //login failure
}

回复收藏 0 原文