在md5中加密密码?

时间:2012-11-03 20:32:34

标签: php sql md5

  

可能重复:
  Need help… how to add md5 to password field in php?

我有这个脚本允许用户更改密码。但我想要的是新的密码'用md5加密到数据库中。任何人都可以告诉我如何更改此脚本以加密“新密码”'请问md5?

    <?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 

session_start();

include '_config/connection.php'; 

$email = $_POST['email'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");





if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo "You entered an incorrect password"; 
} 
if($newpassword=$confirmnewpassword) 
    $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
    if($sql) 
    { 
    echo "Congratulations You have successfully changed your password"; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

4 个答案:

答案 0 :(得分:1)

您正在检查数据库的md5密码是否符合纯文本字符串,您必须在执行此检查之前将密码转换为md5。示例

               else 
   if(md5($password)!= mysql_result($result, 0)) 
    { 
   echo "You entered an incorrect password"; 
    } 
   if($newpassword=$confirmnewpassword)
              $newpassword = md5($newpassword);
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
if($sql) 
{ 
echo "Congratulations You have successfully changed your password"; 
}
  else
{ 
 echo "The new password and confirm new password fields must be the same"; 
 }

答案 1 :(得分:0)

        <?php
    require_once("session.php"); 
    require_once("functions.php");
    require('_config/connection.php');
    ?>
    <?php 

    session_start();

    include '_config/connection.php'; 

    $email = $_POST['email'];
    $password = $_POST['password'];
    $newpassword = $_POST['newpassword'];
    $confirmnewpassword = $_POST['confirmnewpassword'];

    $result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");





    if(!$result) 
    { 
    echo "The username you entered does not exist"; 
    } 
    else 
    if($password!= mysql_result($result, 0)) 
    { 
    echo "You entered an incorrect password"; 
    } 
    if($newpassword=$confirmnewpassword)
{
        $newpassword=md5($newpassword);
        $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'"); 
}
        if($sql) 
        { 
        echo "Congratulations You have successfully changed your password"; 
        }
    else
    { 
    echo "The new password and confirm new password fields must be the same"; 
    }  
    ?>

在更新哈希密码变量的数据库之前添加了一行。

答案 2 :(得分:0)

在PHP中执行MD5哈希的方法是

string md5 ( string $str [, bool $raw_output = false ] )

只需将新密码放入此功能并改为使用它。

请注意,MD5是一种单向哈希,所以你不能在之后“解密”......你必须将字符串与数据库作为MD5进行比较。

答案 3 :(得分:0)

请勿使用MD5,因为可靠性

,您可以使用password_compat 
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$newpassword = filter_var($_POST['newpassword'], FILTER_SANITIZE_STRING);
$newpassword2 = filter_var($_POST['confirmnewpassword'], FILTER_SANITIZE_STRING);

try {

    if ($newpassword != $newpassword2) {
        throw new Exception("Password Confirmation does not match");
    }

    $mysqli = new mysqli("host", "user", "password", "database");
    $result = $mysqli->query(sprintf("SELECT password FROM ptb_users WHERE email='%s'", $mysqli->escape_string($_POST['email'])));

    if ($result->num_rows < 1) {
        throw new Exception("The username you entered does not exist");
    }

    // Get Old Password
    $dbPassword = reset($result->fetch_assoc());

    // Prepare new hash
    $newHash = password_hash($newpassword, PASSWORD_BCRYPT);

    // Check if (password needs hashing and password is plain ) or Password is
    // hased but still old
    if ((password_needs_rehash($dbPassword, PASSWORD_BCRYPT) && $password == $dbPassword) || password_verify($password, $dbPassword)) {
        $mysqli->query(sprintf("UPDATE ptb_users SET password='%s' where email='%s'", $newHash, $mysqli->escape_string($_POST['email'])));
    } else {
        throw new Exception("Invalid Password");
    }
} catch ( Exception $e ) {
    echo $e->getMessage();
}
相关问题
最新问题