For my PHP login system combined with a MySQL database, I use md5 encryption to convert passwords when a user registers. Everything worked fine on a Windows host, but now I've changed the host to Linux. Now, when I register an example user with the password "azerty", I can't log in... When I try to log in with "qwerty" as the password, it works. So it's as if the md5 function reads my keyboard as a qwerty keyboard instead of an azerty one...
What can I do to solve this problem?
EDIT:
In the register script I do this:
$password = md5($password);
and then save $password to my database.
The loginscript checks on this:
if ($username == $dbusername && md5($password) == $dbpassword)
It doesn’t matter that you switched hosts. If you can log in with “qwerty” then you must have inadvertently registered with “qwerty”.
When you’re testing the system, use a normal <input type="text"> so you can see what you’re typing. Switch it to <input type="password"> when you’re finished testing. Also, add a “verify password” field so you can verify that the user didn’t accidentally mistype her password.
Secure Password Storage Primer
Add a field to your users table called "salt"
In the register script do this:
$salt = time();
$code = hash('sha256', $password . $salt);
Save $code and $salt in the users table.
In the loginscript check this:
if ($username === $dbusername && hash('sha256', $password . $dbsalt) === $dbpassword)
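An added example, not part of the original answers: it swaps the md5() and sha256-plus-time() schemes shown above for PHP's built-in password_hash() and password_verify(), and upgrades rows that still hold an unsalted md5 value the next time the user logs in successfully. The function names, the $saveHash callback and the in-memory $db array are hypothetical stand-ins for the real register and login scripts.

```php
<?php
// Added example: make_password_hash(), verify_login() and $saveHash are hypothetical names.

/** Value to store at registration; a random salt is embedded in the returned string. */
function make_password_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the stored value.
 * Accepts legacy unsalted md5 rows (32 hex characters) and upgrades them.
 * $saveHash is a callback that persists the new hash for this user.
 */
function verify_login(string $password, string $storedHash, callable $saveHash): bool
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $storedHash);

    if ($isLegacyMd5) {
        // hash_equals() compares strings in constant time and never type-juggles,
        // unlike ==, which treats two different "0e<digits>" hex strings as equal.
        $ok = hash_equals(strtolower($storedHash), md5($password));
    } else {
        $ok = password_verify($password, $storedHash);
    }

    // Replace md5 rows, and rows hashed with outdated parameters, after a good login.
    if ($ok && ($isLegacyMd5 || password_needs_rehash($storedHash, PASSWORD_DEFAULT))) {
        $saveHash(make_password_hash($password));
    }
    return $ok;
}

// Constructed sample data: one user whose row still holds a legacy md5 value.
$db = ['alice' => md5('azerty')];
$save = function (string $hash) use (&$db) { $db['alice'] = $hash; };

var_dump(verify_login('qwerty', $db['alice'], $save));  // wrong password, row untouched
var_dump(verify_login('azerty', $db['alice'], $save));  // correct password, row upgraded
var_dump(password_get_info($db['alice'])['algoName']);  // algorithm of the stored value now
var_dump(verify_login('azerty', $db['alice'], $save));  // verified against the new hash
```

Because password_hash() stores the salt inside its output, no separate salt column is needed; the PHP manual recommends a 255-character column for the result.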