dtwncxs3547 2015-06-03 09:47
浏览 61


I have the following question / requirement.

My website has 2000 users, however the passwords are stored using Plain text (I know this is super bad). From reading various website blogs, i found that i need to use modern password-hashing and salting. I found php-login.net . They use modern salting / hashing.

I have downloaded the minimal login script which i will implement in my website. I have set up xampp to test locally. When i register a user is hashes the passwords and i can login.

My main requirement is that i want to hash all my current plain text passwords. php login using php password compatibility library.


How can i hash all the plain passwords in database, because i am not going to hash 2000 1 by 1.

I assume i can write a script that will update all records in database using the password library.

  • 写回答

2条回答 默认 最新

  • doukuang1897 2015-06-03 10:07
    // you should put your db connection stuff here
    //you create a new column to store hashed passwords. Good idea if
    //something goes bad. You should drop the column with the original
    // passwords once every thing is ok and done.
    $result = mysqli_query(
        'alter table users add column hashed_password varchar(255) not null'
    if ($result===FALSE)
    // handle error here
    $result = mysqli_query($conn, 'select * from users');
    if ($result===FALSE)
    // handle error here
        while($user = mysqli_fetch_assoc($result)
            // you could use PASSWORD_DEFAULT here but I wouldn't. If in a
            // future migration the default password crypt function changes
            // your system won't work and it will be hard to know why.
            $hashedPassword = password_hash($user['password'], PASSWORD_BCRYPT);
            $result2 = mysqli_query($conn,'update users set hashed_password = \''. mysqli_real_escape_string($hashedPassword) .'\' where id=\''. $user['id'] .'\'');
            if ($result2 === FALSE)
            //handle error here

    then you simply check the password in hashed_password column and not the original. If everything goes ok and you can login with no issues you can delete the original passwords column and you are done.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 layui 代码问题解决
  • ¥15 TCP传输时不同网卡传输用时差异过大
  • ¥15 请各位看看我写的属于什么算法,或者有更正确的写法?
  • ¥15 html5 qrcode 扫描器
  • ¥15 爬取网页信息并保存需要完整代码
  • ¥15 一分十不等功分器阻设计问题,请问这个56Ω怎么得到的
  • ¥15 (标签-matlab)
  • ¥100 求看看这个数学建模,有偿
  • ¥15 深度学习目标检测现在框架加注意力的创新可以投几区?
  • ¥15 PdfiumViewer pdf转图片