Question
Possible Duplicate:
Need help… how to add md5 to password field in php?
I have got this script to allow users to change their passwords. But I am wanting the 'newpassword' to be encrypted into the database with md5. Can anyone tell me how I can change this script to encrypt the 'newpassword' in md5 please?
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
?>
<?php
session_start();
include '_config/connection.php';
// Escape the e-mail before it is placed in the SQL strings below
$email = mysql_real_escape_string($_POST['email']);
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");
// mysql_query() only returns false on error, so also check for an empty result
if (!$result || mysql_num_rows($result) == 0)
{
    echo "The username you entered does not exist";
}
elseif ($password !== mysql_result($result, 0))
{
    // A wrong current password must stop the update
    echo "You entered an incorrect password";
}
elseif ($newpassword === $confirmnewpassword) // compare, not assign (=)
{
    // The new password is still stored as plain text here
    $sql = mysql_query("UPDATE ptb_users SET password='" . mysql_real_escape_string($newpassword) . "' WHERE email='$email'");
    if ($sql)
    {
        echo "Congratulations You have successfully changed your password";
    }
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
?>
Answer 1:
You are checking the database's md5 password against a plain-text string; you have to convert the password to md5 before you do this check. Example:
elseif (md5($password) !== mysql_result($result, 0))
{
    // A wrong current password must stop the update
    echo "You entered an incorrect password";
}
elseif ($newpassword === $confirmnewpassword) // compare, not assign (=)
{
    // Hash the new password before it is stored
    $newpassword = md5($newpassword);
    $sql = mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'");
    if ($sql)
    {
        echo "Congratulations You have successfully changed your password";
    }
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
Answer 2:
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
?>
<?php
session_start();
include '_config/connection.php';
// Escape the e-mail before it is placed in the SQL strings below
$email = mysql_real_escape_string($_POST['email']);
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM ptb_users WHERE email='$email'");
// mysql_query() only returns false on error, so also check for an empty result
if (!$result || mysql_num_rows($result) == 0)
{
    echo "The username you entered does not exist";
}
elseif ($password !== mysql_result($result, 0))
{
    // A wrong current password must stop the update
    echo "You entered an incorrect password";
}
elseif ($newpassword === $confirmnewpassword) // compare, not assign (=)
{
    $newpassword = md5($newpassword);
    $sql = mysql_query("UPDATE ptb_users SET password='$newpassword' where email='$email'");
    if ($sql)
    {
        echo "Congratulations You have successfully changed your password";
    }
}
else
{
    echo "The new password and confirm new password fields must be the same";
}
?>
Added a line before updating the database which hashes the password variable.
Answer 3:
The method to do an MD5 hash in PHP is
string md5 ( string $str [, bool $raw_output = false ] )
Simply put the new password through this function and use it instead.
Please note that MD5 is a one-way hash so you cannot "decrypt" it afterwards... you will have to compare the string to your database as MD5.
Answer 4:
Don't use MD5.
You can use password_compat instead, due to reliability.
// Use the raw values: a sanitising filter would alter the password before it is hashed
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword2 = $_POST['confirmnewpassword'];
try {
    if ($newpassword !== $newpassword2) {
        throw new Exception("Password Confirmation does not match");
    }
    $mysqli = new mysqli("host", "user", "password", "database");
    $result = $mysqli->query(sprintf("SELECT password FROM ptb_users WHERE email='%s'", $mysqli->escape_string($_POST['email'])));
    if ($result->num_rows < 1) {
        throw new Exception("The username you entered does not exist");
    }
    // Get Old Password
    $row = $result->fetch_assoc();
    $dbPassword = $row['password'];
    // Prepare new hash
    $newHash = password_hash($newpassword, PASSWORD_BCRYPT);
    // Check if (password needs hashing and password is plain) or password is
    // hashed but still old
    if ((password_needs_rehash($dbPassword, PASSWORD_BCRYPT) && $password === $dbPassword) || password_verify($password, $dbPassword)) {
        $mysqli->query(sprintf("UPDATE ptb_users SET password='%s' where email='%s'", $newHash, $mysqli->escape_string($_POST['email'])));
    } else {
        throw new Exception("Invalid Password");
    }
} catch (Exception $e) {
    echo $e->getMessage();
}
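An added example, not part of any answer in this thread: when a table already holds MD5 digests as Answers 1 to 3 would store them, a login or change-password handler can accept the old digest once and replace it with a `password_hash()` value, which is the API Answer 4 uses. The function name `verify_and_upgrade` and the sample passwords are constructed for illustration; the code assumes PHP 7.1 or later.

```php
<?php
// Added example: verify a stored credential that may be a legacy MD5 hex
// digest or a password_hash() value, and say when it should be replaced.

/**
 * Returns [bool $ok, ?string $upgradedHash].
 * $upgradedHash is non-null when the caller should overwrite the stored value.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // password_get_info() reports 'unknown' for anything password_hash() did not produce.
    $isModern = password_get_info($stored)['algoName'] !== 'unknown';

    if ($isModern) {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        // The default algorithm or cost may have changed since the hash was made.
        $upgrade = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $upgrade];
    }

    // Legacy path: unsalted MD5 hex digest, compared in constant time and
    // never with ==, which treats "0e..." digests as equal numbers.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1
        && hash_equals(strtolower($stored), md5($password))) {
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    return [false, null];
}

// Constructed sample data (not taken from the thread).
$legacy = md5('correct horse');                              // legacy MD5 row
$modern = password_hash('correct horse', PASSWORD_DEFAULT);  // already migrated row

[$ok, $new] = verify_and_upgrade('correct horse', $legacy);
var_dump($ok, $new !== null && password_verify('correct horse', $new));

[$ok, $new] = verify_and_upgrade('wrong guess', $legacy);
var_dump($ok, $new);

[$ok, $new] = verify_and_upgrade('correct horse', $modern);
var_dump($ok, $new);
```

When the second element is non-null, write it back to the `password` column with a parameterised `UPDATE`, so each MD5 row disappears the first time its owner authenticates.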
Source: https://stackoverflow.com/questions/13213237/encrypt-password-in-md5