开发者

md5 encryption qwerty - azerty error

开发者 https://www.devze.com 2023-04-05 13:54 出处:网络
For my php-login system combined with a MySQL database, I use a md5 - encryption to convert passwords when an user registers himself. Everything worked fine on a Windows-host,

For my php-login system combined with a MySQL database, I use a md5 - encryption to convert passwords when an user registers himself. Everything worked fine on a Windows-host, but now I've changed the host to Linux. Now, when I register a example user, with password "azerty", I couldn't login... When I trie to login with "qwerty" as password, it works. So it's like the md5 function read my keyboard as a qwerty keyboard instead as an azerty...

What can I do to solve this problem?

EDIT:

In the register script I do this:

$password = md5($password);

and then save $password to my database.

The loginscript checks on this:

if ($username == $dbuser开发者_运维知识库name && md5($password) == $dbpassword)


It doesn’t matter that you switched hosts. If you can log in with “querty” then you must have inadvertently registered with “querty”

When you’re testing the system, use a normal <input type="text"> so you can see what you’re typing. Switch it <input type="password"> when you’re finished testing. Also, add a “verify password” field so you can verify that the user didn’t accidentally mistype her password.

Secure Password Storage Primer

Add a field to your users table called "salt"

In the register script do this:

$salt = time();
$code = hash('sha256', $password . $salt);

Save $code and $salt in the users table.

In the loginscript check this:

if ($username === $dbusername && hash('sha256', $password . $dbsalt) === $dbpassword)
0

精彩评论

暂无评论...
验证码 换一张
取 消