dongqindan4406
2012-12-23 23:28
浏览 51
已采纳

如果我使用哈希函数,我如何匹配新旧密码?

I store user passwords as a plain text in the database. So it's easy to change the password. I use this code,

while($row = mysql_fetch_array($result)) {
  if($row['Password']==$opass)
    mysql_query(
      "UPDATE information SET Password='$pass' WHERE Username='$name'"
    );
}

First I am checking that user put his old password correctly ($opass), then I allow him to change it to new password ($pass). I think I could check old password because I stored it as plain text. But if I use any hash algorithm, how could this if($row['Password']==$opass) code work? I think $opass and $row['Password'] won't be same.

图片转代码服务由CSDN问答提供 功能建议

我将用户密码作为纯文本存储在数据库中。 因此,更改密码很容易。 我使用这段代码,

  while($ row = mysql_fetch_array($ result)){
 if($ row ['Password'] == $ opass)
 mysql_query  (
“更新信息SET密码='$传递'WHERE用户名='$名''
); 
} 
   
 
 

首先我正在检查 用户正确输入旧密码( $ opass ),然后我允许他将其更改为新密码( $ pass )。 我想我可以检查旧密码,因为我将其存储为纯文本。 但是如果我使用任何哈希算法,那么这个 if($ row ['Password'] == $ opass)代码怎么能运行? 我认为 $ opass $ row ['Password'] 不会相同。

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dtzk85937 2012-12-23 23:29
    已采纳

    Just hash the user inputted password with the equivalent hashing function, and compare that to what you have stored in your database.

    while($row = mysql_fetch_array($result)){
     if($row['Password']==yourOneWayPasswordHashingFunction($opass))
      mysql_query("UPDATE information SET Password='$pass' WHERE Username='$name'");}
    

    As I mentioned in the comments, use bcrypt. Passwords can be hard, so use this, and then go shopping, in time for xmas too :)

    Also...

    I store user passwords as a plain text in the database. So it's easy to change the password.

    Emphasis mine.

    You should never store plain text passwords, and it's easy to change is not a valid reason. Kudos, however, for recognising the need to do something about it.

    已采纳该答案
    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题