PHP 重设密码
PHP reset Password
我对如何加密新密码以进入数据库感到困惑。当我输入密码时,它会加密并检查数据库是否正确,为了验证新密码,它只会将其更改为纯文本。
if (count($_POST) > 0) {
$result = mysqli_query($conn, "SELECT *from users WHERE id='" . $_SESSION["id"] . "'");
$row = mysqli_fetch_array($result);
if (MD5(mysqli_real_escape_string($_POST["currentPassword"] == $row["password"]))) {
mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE id='" . $_SESSION["id"] . "'");
$message = "Password Changed";
} else
$message = "Current Password is not correct";
}
// password encryption for security.
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$salt = base64_encode($salt);
$salt = str_replace('+', '.', $salt);
$hash = crypt($pass, 'y$'.$salt.'$');
//echo ("".$hash."<br />\n");
$pass是密码输入的密码
保存$hash到数据库
验证从数据库中获取的密码$hash
if(password_verify($pass, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
更新并尝试该程序
对于简单的应用程序,您可以使用 base64_encode() 在输入新密码时将其加密并存储到数据库中。并且对于登录还加密输入的密码并将其与数据库匹配。
您的代码:
if (count($_POST) > 0)
{
$result = mysqli_query($conn, "SELECT *from users WHERE id='" . $_SESSION["id"] . "'");
$row = mysqli_fetch_array($result);
$entered_password = base64_encode($_POST["currentPassword"]);
$new_password = base64_encode($_POST["newPassword"]);
$id = $_SESSION["id"] ;
if ($entered_password == $row["password"]))) {
$result = mysqli_query($conn, "UPDATE users set password='" . $new_password . "' WHERE id='" .$id. "'");
$message = "Password Changed";
} else
$message = "Current Password is not correct";
}
这是一种简单的方法。
//password encryption
$user_password = "1234";
$hash_pass = password_encryption($user_password, PASSWORD_BCRYPT, array('cost'=>10);
//"$user_password"-password obtained from the user input
//"$hash_pass" -encrypted password stored in a database
//verify the user password with that obtained from the database
if(password_verify($user_password, $hash_pass)){
echo "password is valid";
}else{
echo "password is not valid";
}
试试这个。
我对如何加密新密码以进入数据库感到困惑。当我输入密码时,它会加密并检查数据库是否正确,为了验证新密码,它只会将其更改为纯文本。
if (count($_POST) > 0) {
$result = mysqli_query($conn, "SELECT *from users WHERE id='" . $_SESSION["id"] . "'");
$row = mysqli_fetch_array($result);
if (MD5(mysqli_real_escape_string($_POST["currentPassword"] == $row["password"]))) {
mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE id='" . $_SESSION["id"] . "'");
$message = "Password Changed";
} else
$message = "Current Password is not correct";
}
// password encryption for security.
$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$salt = base64_encode($salt);
$salt = str_replace('+', '.', $salt);
$hash = crypt($pass, 'y$'.$salt.'$');
//echo ("".$hash."<br />\n");
$pass是密码输入的密码
保存$hash到数据库
验证从数据库中获取的密码$hash
if(password_verify($pass, $hash)) {
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
更新并尝试该程序
对于简单的应用程序,您可以使用 base64_encode() 在输入新密码时将其加密并存储到数据库中。并且对于登录还加密输入的密码并将其与数据库匹配。
您的代码:
if (count($_POST) > 0)
{
$result = mysqli_query($conn, "SELECT *from users WHERE id='" . $_SESSION["id"] . "'");
$row = mysqli_fetch_array($result);
$entered_password = base64_encode($_POST["currentPassword"]);
$new_password = base64_encode($_POST["newPassword"]);
$id = $_SESSION["id"] ;
if ($entered_password == $row["password"]))) {
$result = mysqli_query($conn, "UPDATE users set password='" . $new_password . "' WHERE id='" .$id. "'");
$message = "Password Changed";
} else
$message = "Current Password is not correct";
}
这是一种简单的方法。
//password encryption
$user_password = "1234";
$hash_pass = password_encryption($user_password, PASSWORD_BCRYPT, array('cost'=>10);
//"$user_password"-password obtained from the user input
//"$hash_pass" -encrypted password stored in a database
//verify the user password with that obtained from the database
if(password_verify($user_password, $hash_pass)){
echo "password is valid";
}else{
echo "password is not valid";
}
试试这个。