如何重设密码,盐
我有一些php脚本,使我的用户可以使用电子邮件创建帐户。然后,他设置了一个哈希密码,生成了一个盐,并将其存储在我的数据库中。现在,我正在使用可以正常但无法使用新密码的重置密码(由于注册时使用了盐和哈希,因此更改了密码,即使密码正确也无法验证电子邮件)
以下是我用来加密user_password的哈希函数
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
这是我的重置密码(更改密码但更改后的密码无法验证)
if(isset($_POST["reset-password"])) {
require_once('connect.php');
$sql = "UPDATE `oasisdb`.`registration_data` SET `user_password` = '" . ($_POST["user_password"]). "' WHERE `registration_data`.`name` = '" . $_GET["name"] . "'";
$result = mysqli_query($con,$sql);
$success_message = "Password is reset successfully.";
}
?>
<link href="demo-style.css" rel="stylesheet" type="text/css">
<script>
function validate_password_reset() {
if((document.getElementById("user_password").value == "") && (document.getElementById("confirm_password").value == "")) {
document.getElementById("validation-message").innerHTML = "Please enter new password!"
return false;
}
if(document.getElementById("user_password").value != document.getElementById("confirm_password").value) {
document.getElementById("validation-message").innerHTML = "Both password should be same!"
return false;
}
return true;
}
</script>
<form name="frmReset" id="frmReset" method="post" onSubmit="return validate_password_reset();">
<h1>Reset Password</h1>
<?php if(!empty($success_message)) { ?>
<div class="success_message"><?php echo $success_message; ?></div>
<?php } ?>
<div id="validation-message">
<?php if(!empty($error_message)) { ?>
<?php echo $error_message; ?>
<?php } ?>
</div>
<div class="field-group">
<div><label for="Password">Password</label></div>
<div>
<input type="password" name="user_password" id="user_password" class="input-field"></div>
</div>
<div class="field-group">
<div><label for="email">Confirm Password</label></div>
<div><input type="password" name="confirm_password" id="confirm_password" class="input-field"></div>
</div>
<div class="field-group">
<div><input type="submit" name="reset-password" id="reset-password" value="Reset Password" class="form-submit-button"></div>
</div>
</form>
这是我的mysql表 ```CREATE TABLE registration_data ( id int(255) NOT NULL, name varchar(150) NOT NULL, email varchar(150) NOT NULL, user_password varchar(80) NOT NULL, salt varchar(10) NOT NULL, gender varchar(50) NOT NULL, phone varchar(50) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
最后这是我的login.php
```<?php
require_once 'update_user_info.php';
$db = new update_user_info();
// json response array
$response = array("error" => FALSE);
if (isset($_POST['email']) && isset($_POST['password'])) {
// receiving the post params
$email = $_POST['email'];
$password = $_POST['password'];
// get the user by email and password
$user = $db->VerifyUserAuthentication($email, $password);
if ($user != false) {
// use is found
$response["error"] = FALSE;
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["phone"] = $user["phone"];
$response["user"]["gender"] = $user["gender"];
echo json_encode($response);
} else {
// user is not found with the credentials
$response["error"] = TRUE;
$response["error_msg"] = "Wrong E-mail or Password. Please try again!";
echo json_encode($response);
}
} else {
// required post params is missing
$response["error"] = TRUE;
$response["error_msg"] = "Required parameters E-mail and Password is missing!";
echo json_encode($response);
}
?>
这是在注册时使用哈希的方式
$hash = $this->hashFunction($password);
$user_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$stmt = $this->conn->prepare("INSERT INTO registration_data(name, email, user_password, salt, gender, phone) VALUES(?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssss", $name, $email, $user_password, $salt, $gender, $phone);
$result = $stmt->execute();
$stmt->close();
展开
收起
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
相关问答
问答排行榜
最热
最新
推荐问答
