以下代码是我用来在 PHP 中加密密码的代码...
$password = sha1(sha1($_POST['password']).sha1("mySalt@$#(%"));
我可以使用什么代码让用户可以使用他们输入的内容登录?
问问题
2479 次
2 回答
3
sha1 is a hashing algorithm, not a 2-way encryption. You cannot retrieve the original password.
- Hash the submitted password using the same algorithm.
- Fetch, from your database, the password hash for the user in question.
- Compare the two hashes. If they match, the credentials are OK.
- Don't use sha1 for password hashing, it isn't safe enough
- Use a unique salt per credential, don't reuse the same one each time.
于 2013-03-14T12:49:45.120 回答
0
You should use crypt for password hashing, sha1/md5 are too weak.
All you need:
function check_password($password) {
...//get db password to compare
if (crypt($post_password, $db_results[0]['password']) == $db_results[0]['password']) {
return true;
} else { return false; }
}
于 2013-03-14T12:51:07.587 回答