0

I have some code in Java that connects to a database and fetches the password of every user in the database.

Here is the code:

private void loginButtonActionPerformed(ActionEvent e) {

    String password = "";
        password=loginPasswordField.getText();
        String md5hashdatabase = "3f197eedfeaf826ad2af0bac49ded752";            
        try
        {
            MessageDigest md = MessageDigest.getInstance("MD5");
            md.update(password.getBytes());
            System.out.println(new BigInteger(1, md.digest()).toString(16));
            String md5hashes = new BigInteger(1, md.digest()).toString(16);
            String m = md5hashes;

            String myDriver = "org.gjt.mm.mysql.Driver";
            String myUrl = "jdbc:mysql://experimentalx.com/exper482_social";
            Class.forName(myDriver);
            Connection conn = DriverManager.getConnection(myUrl, "admin", "test");

            String query = "SELECT password FROM social_users";

            Statement st = conn.createStatement();

            ResultSet rs = st.executeQuery(query);

            while (rs.next())
            {
                String encryptedPassWord = rs.getString("password");
                System.out.format("%s\n", encryptedPassWord);

                if(m.equals(encryptedPassWord)) 
                {
                    System.out.println("Its exactly the same!");
                }
                else if(!m.equals(encryptedPassWord)) 
                {
                    System.out.println("Its not the same!");
                }
                else
                {
                    System.out.println("For some reason, this is just not wanting to work!");
                }           
          }
            st.close();
        }
        catch (Exception e1)
        {
            System.err.println("Got an exception! ");
            System.err.println(e1.getMessage());
        }   
    }

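It gets the password and then checks whether the string md5hash is the same as one of the MD5 hashes received from the database (encryptedPassWord). When it does this, it just says that none of them are the same, even though the first hash from the database is the same as the string m (md5hashes).

Am I missing something? If so, please point me in the right direction. Thank you.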

4

3 Answers

0

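I figured out the solution:

The way I was securely hashing the entered password was wrong, and I have now fixed it. Thanks, everyone, for the help.

I changed the encryption to work like this: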

String value2 = loginPasswordField.getText(); // The password field (I know getText() isn't secure)
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(value2.getBytes());
// digest() is called only once; %032x keeps the leading zeros that toString(16) would drop
String value3 = String.format("%032x", new BigInteger(1, md.digest()));
System.out.println("It should work: " + value3);
answered 2013-04-04T16:02:58.793
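Why the question's code never matched, as an added example that is not part of the original posts: MessageDigest.digest() resets the instance after it returns, so the second digest() call in the question yields the MD5 of empty input instead of the MD5 of the password. The class name, helper names and sample password are constructed for illustration, and the stored value stands in for the database column.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class DigestResetDemo {
    // Zero-padded lowercase hex; BigInteger.toString(16) alone drops leading zeros.
    static String hex(byte[] d) {
        return String.format("%0" + (d.length * 2) + "x", new BigInteger(1, d));
    }

    // Reproduces the question's pattern: digest() is called twice on one instance.
    static String buggyHash(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.digest();              // first call (the println in the question) finalizes and resets md
        return hex(md.digest());  // second call hashes zero bytes of input
    }

    // Digest exactly once and keep the bytes for any later logging or comparison.
    static byte[] hashOnce(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Compare with a stored hex digest: normalize whitespace and case, then use
    // MessageDigest.isEqual instead of String.equals so timing does not depend
    // on the position of the first differing character.
    static boolean matches(String password, String storedHex) throws Exception {
        byte[] a = hex(hashOnce(password)).getBytes(StandardCharsets.US_ASCII);
        byte[] b = storedHex.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws Exception {
        String emptyMd5 = hex(MessageDigest.getInstance("MD5").digest(new byte[0]));
        String pw = "correct horse";         // constructed sample password
        String stored = hex(hashOnce(pw));   // stands in for the value read from the database
        System.out.println("buggy hash        : " + buggyHash(pw));
        System.out.println("md5 of empty input: " + emptyMd5);
        System.out.println("buggy == md5(\"\")  : " + buggyHash(pw).equals(emptyMd5));
        System.out.println("matches stored    : " + matches(pw, stored + " "));
        System.out.println("wrong password    : " + matches("guess", stored));
    }
}
```

MD5 is used here only because the page's database column holds MD5 hex strings. For new password storage, a salted, deliberately slow function such as PBKDF2, bcrypt or Argon2 is the appropriate choice.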
0

Try this

if (m.trim().equals(encryptedPassWord.trim())) {
    System.out.println("Its exactly the same!");
} else {
    System.out.println("Its not the same!");
}
answered 2013-04-03T21:34:25.803
0
private static boolean isPasswordCorrect(char[] input)
{
    boolean isCorrect = false;
    try
    {
        // This is where you encrypt your password
        byte[] einput = Encryption.encrypt(String.copyValueOf(input));
        // I'm not sure where you are loading your encrypted password
        isCorrect = new String(einput).equals(new String(passWordToCheckAgainst));
    } catch (Exception e)
    {
        e.printStackTrace();
    }
    return isCorrect;
}

char[] input = loginPasswordField.getPassword();
if (isPasswordCorrect(input))
{
    JOptionPane.showMessageDialog(controllingFrame, "Success! You typed the right password.");
}
answered 2013-04-03T21:36:28.507