【发布时间】:2014-06-25 08:15:00
【问题描述】:
我尝试使用 php 中的 md5() 函数加密我的登录密码。我按照http://www.phpeasystep.com/workshopview.php?id=26 的教程进行操作,但密码在我的数据库中仍然可读。我用了这段代码,
$host="localhost";
$username="root";
$password="";
$db_name="database";
$tbl_name="members";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name") or die(mysql_error());
// POST values from form
$name=$_POST['name'];
$email=$_POST['email'];
$password=$_POST['password'];
// encrypt password
$encrypted_password=md5($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
// Insert data into mysql
$sql="INSERT INTO $tbl_name(name, email, password)VALUES('$name', '$email', '$password')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Your account had been created..!";
echo "<BR>";
echo "<a href='login.php'>Login to continue</a>";
}
else {
echo "There's an error. Why don't you try again? it may be temporary.";
}
请帮帮我...
【问题讨论】:
-
因为您插入的是
$password而不是$encrypted_password。也就是说,您首先不应该使用md5()进行密码散列;有关散列和加密的更多详细信息,请参阅this answer。 -
有关合理密码散列的更多背景信息,请参阅security.stackexchange.com/questions/211/…。
标签: php mysql encryption md5