dongqindan4406 2012-12-23 23:28
Views: 51
Accepted

If I use a hash function, how do I match the old and new passwords?

I store user passwords as plain text in the database. So it's easy to change the password. I use this code,

while($row = mysql_fetch_array($result)) {
  if($row['Password']==$opass)
    mysql_query(
      "UPDATE information SET Password='$pass' WHERE Username='$name'"
    );
}

First I am checking that the user put in his old password correctly ($opass), then I allow him to change it to the new password ($pass). I think I could check the old password because I stored it as plain text. But if I use any hash algorithm, how could this if($row['Password']==$opass) code work? I think $opass and $row['Password'] won't be the same.


  • dtzk85937 2012-12-23 23:29

    Just hash the user inputted password with the equivalent hashing function, and compare that to what you have stored in your database.

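    while ($row = mysql_fetch_array($result)) {
      // Compare the stored hash with the hash of the old password; store the new password hashed as well
      if ($row['Password'] == yourOneWayPasswordHashingFunction($opass))
        mysql_query("UPDATE information SET Password='" . yourOneWayPasswordHashingFunction($pass) . "' WHERE Username='$name'");
    }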
    

    As I mentioned in the comments, use bcrypt. Passwords can be hard, so use this, and then go shopping, in time for xmas too :)

    Also...

    I store user passwords as plain text in the database. So it's easy to change the password.

    Emphasis mine.

    You should never store plain text passwords, and "it's easy to change" is not a valid reason. Kudos, however, for recognising the need to do something about it.

    This answer was selected by the asker as the best answer.
