0

我的代码创建随机key并将其存储database在按钮单击中,keygen是按钮名称,if用户/客户已经拥有它key从数据库中获取的密钥,单击else它会生成一个新的key并将其存储在database. 有没有一种方法可以实现这一点,而无需将其存储key在数据库中,并且每次都为特定用户/客户获取相同的密钥。

代码:

<?php
include('session.php');
$result = mysql_query("SELECT * FROM customer WHERE customer_no = '$customer_no'");
$row = mysql_fetch_array($result);
if (isset($_POST['keygen'])){
$customer_no = $_POST['customer_no'];
$customer_no = mysql_real_escape_string($customer_no);
$result = mysql_query("SELECT * FROM customer WHERE customer_no = '$customer_no'");
while ($row = mysql_fetch_assoc($result)) {
$keyString = $row['key'];
if($keyString == ""){
$keyString = mysql_real_escape_string($keyString);
$query = mysql_query("UPDATE customer SET `key` = '$keyString' WHERE customer_no = '$customer_no'");
}
else{
$keyString = $row['key'];
}}} 

function  generateRandomString($length = 10) {  
$characters = '23456789ABCDEFGHJKMNPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
    $randomString .= $characters[rand(0, strlen($characters) - 1)];
} 
return $randomString;
}

?>

我的 HTML 是,

<div id="content" class="box2">
<div class="login">
<form action="" method="post" style="margin:12px;">
<table class="nostyle">
<tr>
<td align="center">
<label style="font-size:16px;"><strong>Customer ID: </strong></label>
<select name="customer_no">
<?php $result_customer= mysql_query('SELECT customer_no FROM customer ORDER BY   customer_no'); ?>
<?php while($row_customer= mysql_fetch_assoc($result_customer)) { ?>
<option <?php if ($row_customer['customer_no']=='') { ?> selected="selected"<?php } ?>> <?php echo htmlspecialchars($row_customer['customer_no']); ?> </option>
<?php } ?>
</select>
</td>
</tr>
<tr>
<td align="center"><label style="font-size:16px;"><br /><strong>Register Key: </strong> </label>
<input type="text" id="key" class="input-text" name="key" size="20" align="middle"   value = " <?=$row["key"];?>"></td>
 </tr>
 <td align="center"><br /><input type="submit" id="keygen" class="input-submit" name="keygen" value="Generate" onclick=""/>
 </td>
 </tr>
 </table>
 </form>
 </div>
 </div>

请帮忙,我是新手。

4

2 回答 2

0

Depends on how and what is the key used for.

One option if you have a fixed key anyway then derive it somehow from the customer_no. like using md5(), but if your customer numbers are sequential, that is also easy to attack, so a bit more complex calculation would be better, using all the non changeable customer data. this md5() sum can then be verified against the customer table.

于 2013-08-28T12:21:12.970 回答
0

一种方法是从一个(或多个)客户属性创建散列。哈希是一个从源字符串创建字符串的函数。相同的源字符串将始终生成相同的哈希。

但是您必须注意哈希的两个问题:您不能从哈希生成源字符串(因为哈希算法是不可逆的)并且您必须注意可能的哈希冲突(两个不同的字符串生成相同的哈希)。鉴于您的哈希有足够的长度(md5 有 32 个字符,sha1 有 40 长......),这不太可能。

如果您需要双向加密(从用户名中获取字符串,然后从字符串中生成该用户名),那么您需要查看加密技术。

查看提供许多不同加密/散列算法的 mcrypt 库。我相信您会找到适合您需求的。

于 2013-08-28T12:16:15.953 回答