批量密码哈希PHP-LOGIN PROJECT代码

I have the following question / requirement.

My website has 2000 users, however the passwords are stored using Plain text (I know this is super bad). From reading various website blogs, i found that i need to use modern password-hashing and salting. I found php-login.net . They use modern salting / hashing.

I have downloaded the minimal login script which i will implement in my website. I have set up xampp to test locally. When i register a user is hashes the passwords and i can login.

My main requirement is that i want to hash all my current plain text passwords. php login using php password compatibility library.

password_compatibility_library

How can i hash all the plain passwords in database, because i am not going to hash 2000 1 by 1.

I assume i can write a script that will update all records in database using the password library.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

doukuang1897 2015-06-03 10:07

关注

<?php
// you should put your db connection stuff here
require('connect.php'); 

//you create a new column to store hashed passwords. Good idea if
//something goes bad. You should drop the column with the original
// passwords once every thing is ok and done.
$result = mysqli_query(
    $conn,
    'alter table users add column hashed_password varchar(255) not null'
); 

if ($result===FALSE)
{
// handle error here
}

$result = mysqli_query($conn, 'select * from users');
if ($result===FALSE)
{
// handle error here
}else
{
    while($user = mysqli_fetch_assoc($result)
    {
        // you could use PASSWORD_DEFAULT here but I wouldn't. If in a
        // future migration the default password crypt function changes
        // your system won't work and it will be hard to know why.
        $hashedPassword = password_hash($user['password'], PASSWORD_BCRYPT);
        $result2 = mysqli_query($conn,'update users set hashed_password = \''. mysqli_real_escape_string($hashedPassword) .'\' where id=\''. $user['id'] .'\'');
        if ($result2 === FALSE)
        {
        //handle error here
        }
    }
}

then you simply check the password in hashed_password column and not the original. If everything goes ok and you can login with no issues you can delete the original passwords column and you are done.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

查看更多回答(1条)

报告相同问题？

关注问题

批量密码哈希PHP-LOGIN PROJECT代码 mysql php
2015-06-03 09:47

回答 2 已采纳 <?php // you should put your db connection stuff here require('connect.php'); //you create a
Php - 密码哈希 php
2015-10-25 23:58

回答 1 已采纳 It's hard to understand what you're asking, but I bet you want to hash the value of $password befo
蛋糕php-密码哈希 php
2014-01-02 10:13

回答 1 已采纳 Use this to hash the password: $this->data['User']['password'] = AuthComponent::password(
一个小兔子的大数据见解2
2019-02-20 14:20

会武术的科学家的博客阿里的大数据解决方案 MAXCOMPUTE DATAWORKS QUICKBI 1、Vmware增强 2、 1.1、VMware 虚拟网络设备 1.1.1、虚拟网卡、虚拟交换机虚拟网卡：宿主机有自己的网卡，通常在这个路径在（控制面板\网络和 Internet\中...
php需要工作代码作为密码哈希的例子 mysql php
2014-11-27 16:38

回答 1 已采纳 Follow the examples provided in PHP the Right Way under password hashing: require 'password.php';
密码哈希PHP 7 [关闭] php
2017-02-08 18:11

回答 1 已采纳 You should never encrypt passwords, you should only hash them. Encryption implies that you can dec
无法使用预准备语句从数据库中提取密码哈希 mysql php
2018-04-26 17:44

回答 1 已采纳 Read this PHP MANUAL.Try this: <?php require('db.php'); if(isset($_POST['submit']))
Python分布式爬虫打造搜索引擎完整版-基于Scrapy、Redis、elasticsearch和django打造一个完整的搜索引擎网站
2018-10-06 18:17

JQW_FY的博客注意：因为使用了虚拟环境，所以将项目导入pycharm时要将项目的project interpreter切换为虚拟环境下的python.exe 比如我的虚拟环境中的python.exe位于 E:\Envs\pyscrapy3\Scripts **在windows报出错误** `...
如何使用PHP创建wordpress密码哈希生成器？ [关闭] php
2018-07-12 07:21

回答 1 已采纳 Wordpress provides a default function wp_hash_password(); Example: $password = 'admin'; $hash_pa
使用php生成密码哈希 php
2015-03-10 19:13

回答 1 已采纳 There's a lot of hate in the OP's comments. But it's misdirected - OP is not trying to decode anyt
cakephp 3-哈希密码在比较时不匹配 php
2017-04-05 12:38

回答 2 已采纳 This is what my reset password workflow looks like. I cannot tell from your post what your entity
Notes Twenty one days-渗透攻击-红队-权限提升
2020-10-07 23:57

大余xiyou的博客获取本地hash 5.1.4 转储域账户哈希值 5.1.5 SPN发现与利用（dayu-Fourteenth day） 5.1.6 哈希传递攻击利用 5.2 用户习惯 5.2.1 从目标文件中做信息搜集第一季 5.2.2 获取当前系统所有用户的谷歌浏览器密码 5.2.3 ...
PHP登录没有错误，但哈希时密码不相等 database php sql
2017-11-21 11:45

回答 1 已采纳 Your database password column is not long enough, and it's truncating the values. From the manual:
PHP 面试知识点整理归纳
2018-09-05 18:33

php小学一年级生的博客该篇文章是针对Github上wudi/PHP-Interview-Best-Practices-in-China资源的答案个人整理 lz也是初学者，以下知识点均为自己整理且保持不断更新，也希望各路大神多多指点，若发现错误或有补充，可直接comment，lz...
1-11
2017-03-21 23:37

warrenhua2008的博客 =============================================================================================== for(:){ String str="asdga"; ...for(char s:str){ //char 指的是str的元素的类型 ...int
没有解决我的问题, 去提问

悬赏问题

¥15 matlab实现基于主成分变换的图像融合。
¥15 对于相关问题的求解与代码
¥15 ubuntu子系统密码忘记
¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
¥15 保护模式-系统加载-段寄存器
¥15 电脑桌面设定一个区域禁止鼠标操作
¥15 求NPF226060磁芯的详细资料
¥15 使用R语言marginaleffects包进行边际效应图绘制
¥20 usb设备兼容性问题
¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊

码龄粉丝数原力等级 --

批量密码哈希PHP-LOGIN PROJECT代码

2条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

批量密码哈希PHP-LOGIN PROJECT代码

2条回答 默认 最新

悬赏问题

2条回答默认最新