如何创建随机密钥 php mysql？

发布于 2024-11-17 03:09:21 字数 1840 浏览 0 评论 0原文

我需要在 MySQL 中创建随机密钥存储如果我使用：

<?php echo md5(rand(10000,99999)); ?>

我可以将其存放在哪里

<?php
require 'config.inc.php';

foreach($_POST as $k=>$v) 
{
    $_POST[$k] = trim($v);
}

if(!isset($_POST['produgg_username']) or !isset($_POST['produgg_password']) or !isset($_POST['produgg_email']))
{
    print "Please use all fields";
}elseif(empty($_POST['produgg_username'])){
    print "Please choose a username";
}elseif(empty($_POST['produgg_password'])){
    print "Please choose a password";
}elseif(empty($_POST['produgg_email'])){
    print "Please enter an email address";
}elseif(!filter_var($_POST['produgg_email'], FILTER_VALIDATE_EMAIL)) {    
    print "Please enter a valid email address";
}elseif(!preg_match("/^[a-z0-9]+$/i", $_POST['produgg_username'])) {
    print "Please use only characters and numbers for username";
}elseif($usersClass->checkUserExists($_POST['produgg_username'])) {
    print "Username Taken, please choose another";
}else{
    if($usersClass->register($_POST['produgg_username'], md5($_POST['produgg_password']), $_POST['produgg_email']))
    {
        print "success";
        $toemail = $_POST['produgg_email'];
        $touser = $_POST['produgg_username'];
        // Send activation email 
         $to = $toemail;
         $subject = "Activation";
         $headers = "From: [email protected]";
         $body = "Howdy $touser! 

         To activate your please click on the following link - http://www..co.uk/activateuser.php?email=$toemail";

        mail($to, $subject, $body, $headers);

    }else{
        print "Something weird happened and we couldn't setup the account!";
    }
}

?>

原文

I need create random key store in MySQL
If I use:

<?php echo md5(rand(10000,99999)); ?>

Where can I store it

<?php
require 'config.inc.php';

foreach($_POST as $k=>$v) 
{
    $_POST[$k] = trim($v);
}

if(!isset($_POST['produgg_username']) or !isset($_POST['produgg_password']) or !isset($_POST['produgg_email']))
{
    print "Please use all fields";
}elseif(empty($_POST['produgg_username'])){
    print "Please choose a username";
}elseif(empty($_POST['produgg_password'])){
    print "Please choose a password";
}elseif(empty($_POST['produgg_email'])){
    print "Please enter an email address";
}elseif(!filter_var($_POST['produgg_email'], FILTER_VALIDATE_EMAIL)) {    
    print "Please enter a valid email address";
}elseif(!preg_match("/^[a-z0-9]+$/i", $_POST['produgg_username'])) {
    print "Please use only characters and numbers for username";
}elseif($usersClass->checkUserExists($_POST['produgg_username'])) {
    print "Username Taken, please choose another";
}else{
    if($usersClass->register($_POST['produgg_username'], md5($_POST['produgg_password']), $_POST['produgg_email']))
    {
        print "success";
        $toemail = $_POST['produgg_email'];
        $touser = $_POST['produgg_username'];
        // Send activation email 
         $to = $toemail;
         $subject = "Activation";
         $headers = "From: [email protected]";
         $body = "Howdy $touser! 

         To activate your please click on the following link - http://www..co.uk/activateuser.php?email=$toemail";

        mail($to, $subject, $body, $headers);

    }else{
        print "Something weird happened and we couldn't setup the account!";
    }
}

?>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

谜兔 2024-11-24 03:09:21

首先，您似乎正在使用普通的 md5() 来存储用户密码...不要这样做，这是一个安全风险。 您正在将您的用户和您自己置于危险之中。使用更强的哈希算法或 bcrypt 进行密钥强化。有关详细信息，请参阅此答案。

看来您实际上是在尝试生成用于电子邮件激活的nonce。

如果有的话，通用唯一标识符（UUID）将完成这项工作。它的碰撞变化非常低，并允许 3 × 10³⁸ 唯一值（使用某个值后，您可以根据您的用例将其重复用于其他用户）。

您可以使用我编写的这个函数在 PHP 中生成 UUID。您需要的是 v4 UUID。

function UUIDv4() {
  $bytes = str_split(crypto_random_bytes(16));

  // Set UUID Version Number
  $bytes[6] = $bytes[6] & "\x0f" | "\x40";

  // Set UUID DCE1.1 varient
  $bytes[8] = $bytes[8] & "\x3f" | "\x80";

  $uuid = bin2hex(implode($bytes));

  return sprintf('%08s-%04s-%04s-%04s-%12s',
    // 32 bits for "time_low"
    substr($uuid, 0, 8),

    // 16 bits for "time_mid"
    substr($uuid, 8, 4),

    // 16 bits for "time_hi_and_version",
    // four most significant bits holds version number 4
    substr($uuid, 12, 4),

    // 16 bits, 8 bits for "clk_seq_hi_res",
    // 8 bits for "clk_seq_low",
    // two most significant bits holds zero and one for variant DCE1.1
    substr($uuid, 16, 4),

    // 48 bits for "node"
    substr($uuid, 20, 12)
  ); 
}

function crypto_random_bytes($count) {
  static $randomState = null;

  $bytes = '';

  if(function_exists('openssl_random_pseudo_bytes') &&
      (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
    $bytes = openssl_random_pseudo_bytes($count);
  }

  if($bytes === '' && is_readable('/dev/urandom') &&
     ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
    $bytes = fread($hRand, $count);
    fclose($hRand);
  }

  if(strlen($bytes) < $count) {
    $bytes = '';

    if($randomState === null) {
      $randomState = microtime();
      if(function_exists('getmypid')) {
        $randomState .= getmypid();
      }
    }

    for($i = 0; $i < $count; $i += 16) {
      $randomState = md5(microtime() . $randomState);

      if (PHP_VERSION >= '5') {
        $bytes .= md5($randomState, true);
      } else {
        $bytes .= pack('H*', md5($randomState));
      }
    }

    $bytes = substr($bytes, 0, $count);
  }

  return $bytes;
}

First, it seems that you are using plain md5() to store user passwords... DO NOT DO THAT, IT IS A SECURITY RISK. You are putting your users and yourself at risk. Use key strengthening with a stronger hash algorithm or bcrypt. See this answer for more information.

It seems that you are actually trying to generate a nonce for email activation.

If anything, a Universally Unique IDentifier (UUID) will do the job. It has a very low change of collision and allows for 3 × 10³⁸ unique values (once a value is used, you can reuse it for another user anyway for your use case).

You can use this function I wrote to generate UUIDs in PHP. What you want for your needs is a v4 UUID.

function UUIDv4() {
  $bytes = str_split(crypto_random_bytes(16));

  // Set UUID Version Number
  $bytes[6] = $bytes[6] & "\x0f" | "\x40";

  // Set UUID DCE1.1 varient
  $bytes[8] = $bytes[8] & "\x3f" | "\x80";

  $uuid = bin2hex(implode($bytes));

  return sprintf('%08s-%04s-%04s-%04s-%12s',
    // 32 bits for "time_low"
    substr($uuid, 0, 8),

    // 16 bits for "time_mid"
    substr($uuid, 8, 4),

    // 16 bits for "time_hi_and_version",
    // four most significant bits holds version number 4
    substr($uuid, 12, 4),

    // 16 bits, 8 bits for "clk_seq_hi_res",
    // 8 bits for "clk_seq_low",
    // two most significant bits holds zero and one for variant DCE1.1
    substr($uuid, 16, 4),

    // 48 bits for "node"
    substr($uuid, 20, 12)
  ); 
}

function crypto_random_bytes($count) {
  static $randomState = null;

  $bytes = '';

  if(function_exists('openssl_random_pseudo_bytes') &&
      (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')) { // OpenSSL slow on Win
    $bytes = openssl_random_pseudo_bytes($count);
  }

  if($bytes === '' && is_readable('/dev/urandom') &&
     ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
    $bytes = fread($hRand, $count);
    fclose($hRand);
  }

  if(strlen($bytes) < $count) {
    $bytes = '';

    if($randomState === null) {
      $randomState = microtime();
      if(function_exists('getmypid')) {
        $randomState .= getmypid();
      }
    }

    for($i = 0; $i < $count; $i += 16) {
      $randomState = md5(microtime() . $randomState);

      if (PHP_VERSION >= '5') {
        $bytes .= md5($randomState, true);
      } else {
        $bytes .= pack('H*', md5($randomState));
      }
    }

    $bytes = substr($bytes, 0, $count);
  }

  return $bytes;
}

回复收藏 0 原文