-2

可能重复:
需要帮助...如何将 md5 添加到 php 中的密码字段?

我有这个脚本允许用户更改他们的密码。但我希望使用 md5 将“新密码”加密到数据库中。谁能告诉我如何更改此脚本以加密 md5 中的“新密码”?

    <?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 

session_start();

include '_config/connection.php'; 

$email = $_POST['email'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");





if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password"; 
} 
if($newpassword=$confirmnewpassword) 
    $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>
4

4 回答 4

1

您正在根据纯文本字符串检查数据库的 md5 密码,您必须在执行此检查之前将密码转换为 md5。例子

               else 
   if(md5($password)!= mysql_result($result, 0)) 
    { 
   echo "You entered an incorrect password"; 
    } 
   if($newpassword=$confirmnewpassword)
              $newpassword = md5($newpassword);
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
if($sql) 
{ 
echo "Congratulations You have successfully changed your password"; 
}
  else
{ 
 echo "The new password and confirm new password fields must be the same"; 
 }
于 2012-11-03T20:38:07.430 回答
0

Don't use MD5 you can use password_compat instead due to reliability

$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$newpassword = filter_var($_POST['newpassword'], FILTER_SANITIZE_STRING);
$newpassword2 = filter_var($_POST['confirmnewpassword'], FILTER_SANITIZE_STRING);

try {

    if ($newpassword != $newpassword2) {
        throw new Exception("Password Confirmation does not match");
    }

    $mysqli = new mysqli("host", "user", "password", "database");
    $result = $mysqli->query(sprintf("SELECT password FROM ptb_users WHERE email='%s'", $mysqli->escape_string($_POST['email'])));

    if ($result->num_rows < 1) {
        throw new Exception("The username you entered does not exist");
    }

    // Get Old Password
    $dbPassword = reset($result->fetch_assoc());

    // Prepare new hash
    $newHash = password_hash($newpassword, PASSWORD_BCRYPT);

    // Check if (password needs hashing and password is plain ) or Password is
    // hased but still old
    if ((password_needs_rehash($dbPassword, PASSWORD_BCRYPT) && $password == $dbPassword) || password_verify($password, $dbPassword)) {
        $mysqli->query(sprintf("UPDATE ptb_users SET password='%s' where email='%s'", $newHash, $mysqli->escape_string($_POST['email'])));
    } else {
        throw new Exception("Invalid Password");
    }
} catch ( Exception $e ) {
    echo $e->getMessage();
}
于 2012-11-03T22:59:49.627 回答
0 
        <?php
    require_once("session.php"); 
    require_once("functions.php");
    require('_config/connection.php');
    ?>
    <?php 

    session_start();

    include '_config/connection.php'; 

    $email = $_POST['email'];
    $password = $_POST['password'];
    $newpassword = $_POST['newpassword'];
    $confirmnewpassword = $_POST['confirmnewpassword'];

    $result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");





    if(!$result) 
    { 
    echo "The username you entered does not exist"; 
    } 
    else 
    if($password!= mysql_result($result, 0)) 
    { 
    echo "You entered an incorrect password"; 
    } 
    if($newpassword=$confirmnewpassword)
{
        $newpassword=md5($newpassword);
        $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
}
        if($sql) 
        { 
        echo "Congratulations You have successfully changed your password"; 
        }
    else
    { 
    echo "The new password and confirm new password fields must be the same"; 
    }  
    ?>

在更新散列密码变量的数据库之前添加了一行。

于 2012-11-03T20:34:15.683 回答
0

在 PHP 中进行 MD5 哈希的方法是

string md5 ( string $str [, bool $raw_output = false ] )

只需通过此功能输入新密码并使用它即可。

请注意,MD5 是一种单向哈希,因此您不能在后面“解密”它......您必须将字符串与您的数据库进行比较作为 MD5。

于 2012-11-03T20:35:20.530 回答