It's difficult to tell what is 开发者_如何转开发being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have a login form with a hashed password to the database but when I log in using the password I assigned , I cannot log, I don't what to do next. I am using md5 to hashed passwords.
here is my code in inserting data to my db:
<?php
$con = mysql_connect("localhost","abc123","abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database_db", $con);
$password= $_POST['password'];
$encrypt_password=md5($password);
$sql="INSERT INTO username (username, password)
VALUES
('$_POST[username]','$encrypt_password')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 data added";
mysql_close($con)
?>
You have to rehash the password input the exact same way you stored it in order to validate it.
Example:
if (md5($_POST['password']) === $stored_md5_password)
{
// Password is valid
}
MD5 is usually considered a weak hashing algorithm, especially when the SHA encryptions are so easily available. Some interesting related reads:
- https://stackoverflow.com/questions/2768248/is-md5-really-that-bad
- Going from unsalted to salted MD5 passwords
- Is SHA-1 secure for password storage?
- http://www.php.net/manual/en/function.hash-hmac.php
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论