dtwncxs3547 2015-06-03 09:47
浏览 61
已采纳

批量密码哈希PHP-LOGIN PROJECT代码

I have the following question / requirement.

My website has 2000 users, however the passwords are stored using Plain text (I know this is super bad). From reading various website blogs, i found that i need to use modern password-hashing and salting. I found php-login.net . They use modern salting / hashing.

I have downloaded the minimal login script which i will implement in my website. I have set up xampp to test locally. When i register a user is hashes the passwords and i can login.

My main requirement is that i want to hash all my current plain text passwords. php login using php password compatibility library.

password_compatibility_library

How can i hash all the plain passwords in database, because i am not going to hash 2000 1 by 1.

I assume i can write a script that will update all records in database using the password library.

  • 写回答

2条回答 默认 最新

  • doukuang1897 2015-06-03 10:07
    关注
    <?php
// you should put your db connection stuff here
require('connect.php'); 

//you create a new column to store hashed passwords. Good idea if
//something goes bad. You should drop the column with the original
// passwords once every thing is ok and done.
$result = mysqli_query(
    $conn,
    'alter table users add column hashed_password varchar(255) not null'
); 

if ($result===FALSE)
{
// handle error here
}

$result = mysqli_query($conn, 'select * from users');
if ($result===FALSE)
{
// handle error here
}else
{
    while($user = mysqli_fetch_assoc($result)
    {
        // you could use PASSWORD_DEFAULT here but I wouldn't. If in a
        // future migration the default password crypt function changes
        // your system won't work and it will be hard to know why.
        $hashedPassword = password_hash($user['password'], PASSWORD_BCRYPT);
        $result2 = mysqli_query($conn,'update users set hashed_password = \''. mysqli_real_escape_string($hashedPassword) .'\' where id=\''. $user['id'] .'\'');
        if ($result2 === FALSE)
        {
        //handle error here
        }
    }
}

    then you simply check the password in hashed_password column and not the original. If everything goes ok and you can login with no issues you can delete the original passwords column and you are done.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀