开发者社区> 问答> 正文

如何重设密码,盐

我有一些php脚本,使我的用户可以使用电子邮件创建帐户。然后,他设置了一个哈希密码,生成了一个盐,并将其存储在我的数据库中。现在,我正在使用可以正常但无法使用新密码的重置密码(由于注册时使用了盐和哈希,因此更改了密码,即使密码正确也无法验证电子邮件)

以下是我用来加密user_password的哈希函数

        $salt = sha1(rand());
        $salt = substr($salt, 0, 10);
        $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
        $hash = array("salt" => $salt, "encrypted" => $encrypted);
        return $hash;
}

这是我的重置密码(更改密码但更改后的密码无法验证)

    if(isset($_POST["reset-password"])) {
        require_once('connect.php');
        $sql = "UPDATE `oasisdb`.`registration_data` SET `user_password` = '" . ($_POST["user_password"]). "' WHERE `registration_data`.`name` = '" . $_GET["name"] . "'";
        $result = mysqli_query($con,$sql);
        $success_message = "Password is reset successfully.";

    }
?>
<link href="demo-style.css" rel="stylesheet" type="text/css">
<script>
function validate_password_reset() {
    if((document.getElementById("user_password").value == "") && (document.getElementById("confirm_password").value == "")) {
        document.getElementById("validation-message").innerHTML = "Please enter new password!"
        return false;
    }
    if(document.getElementById("user_password").value  != document.getElementById("confirm_password").value) {
        document.getElementById("validation-message").innerHTML = "Both password should be same!"
        return false;
    }

    return true;
}
</script>
<form name="frmReset" id="frmReset" method="post" onSubmit="return validate_password_reset();">
<h1>Reset Password</h1>
    <?php if(!empty($success_message)) { ?>
    <div class="success_message"><?php echo $success_message; ?></div>
    <?php } ?>

    <div id="validation-message">
        <?php if(!empty($error_message)) { ?>
    <?php echo $error_message; ?>
    <?php } ?>
    </div>

    <div class="field-group">
        <div><label for="Password">Password</label></div>
        <div>
        <input type="password" name="user_password" id="user_password" class="input-field"></div>
    </div>

    <div class="field-group">
        <div><label for="email">Confirm Password</label></div>
        <div><input type="password" name="confirm_password" id="confirm_password" class="input-field"></div>
    </div>

    <div class="field-group">
        <div><input type="submit" name="reset-password" id="reset-password" value="Reset Password" class="form-submit-button"></div>
    </div>  
</form>

这是我的mysql表 ```CREATE TABLE registration_data ( id int(255) NOT NULL, name varchar(150) NOT NULL, email varchar(150) NOT NULL, user_password varchar(80) NOT NULL, salt varchar(10) NOT NULL, gender varchar(50) NOT NULL, phone varchar(50) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

最后这是我的login.php
```<?php
require_once 'update_user_info.php';
$db = new update_user_info();

// json response array
$response = array("error" => FALSE);

if (isset($_POST['email']) && isset($_POST['password'])) {

       // receiving the post params
        $email = $_POST['email'];
        $password = $_POST['password'];

        // get the user by email and password
        $user = $db->VerifyUserAuthentication($email, $password);

        if ($user != false) {
            // use is found
            $response["error"] = FALSE;        
            $response["user"]["name"] = $user["name"];
            $response["user"]["email"] = $user["email"];
            $response["user"]["phone"] = $user["phone"];
            $response["user"]["gender"] = $user["gender"];
            echo json_encode($response);
        } else {
            // user is not found with the credentials
            $response["error"] = TRUE;
            $response["error_msg"] = "Wrong E-mail or Password. Please try again!";
            echo json_encode($response);
        }
    } else {
        // required post params is missing
        $response["error"] = TRUE; 
        $response["error_msg"] = "Required parameters E-mail and Password is missing!";
        echo json_encode($response);
    }
?>

这是在注册时使用哈希的方式

        $hash = $this->hashFunction($password);
        $user_password = $hash["encrypted"]; // encrypted password
        $salt = $hash["salt"]; // salt

        $stmt = $this->conn->prepare("INSERT INTO registration_data(name, email, user_password, salt, gender, phone) VALUES(?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("ssssss", $name, $email, $user_password, $salt, $gender, $phone);
        $result = $stmt->execute();
        $stmt->close();

展开
收起
社区秘书 2019-12-09 15:32:42 739 0
0 条回答
写回答
取消 提交回答
问答排行榜
最热
最新

相关电子书

更多
低代码开发师(初级)实战教程 立即下载
冬季实战营第三期:MySQL数据库进阶实战 立即下载
阿里巴巴DevOps 最佳实践手册 立即下载