最受欢迎

用户密码经过散列和加盐处理,试图允许用户在前端更改密码

User password hashed and salted, trying to allow the user to change the password on front end?

本文关键字:密码 用户 许用户 前端 经过 处理 | 更新日期: 2023-09-27

起初密码更改是有效的,但当我添加hash和salt时,现在用户无法更改密码(不断获取:当前密码不正确)

if (count($_POST)>0) {
$result = mysql_query("SELECT * from users WHERE username='"
.$_SESSION["user"] . "'");
$row=mysql_fetch_array($result);
    if($_POST["currentPassword"] == $row["password"]) {
mysql_query("UPDATE users set password='" . $_POST["newPassword"] . "'  
WHERE username='" . $_SESSION["user"] . "'");
$message = "Password Changed";
}   else $message = "Current Password is not correct";
}

这是注册页面:

session_start();
    if($_SESSION['user']!=''){header("Location:welcome.php");}
$dbh=new PDO('mysql:dbname=doctor;localhost', 'root', '');
$email=$_POST['mail'];
$password=$_POST['pass'];
    if(isset($_POST) && $email!='' && $password!=''){
$sql=$dbh->prepare("SELECT id,password,psalt FROM users WHERE 
username=?");
$sql->execute(array($email));
      while($r=$sql->fetch()){
$p=$r['password'];
$p_salt=$r['psalt'];
$id=$r['id'];
}
$site_salt="mysalt";/
$salted_hash = hash('sha256',$password.$site_salt.$p_salt);
    if($p==$salted_hash){
    $_SESSION['user']=$id;
    header("Location:welcome.php");
       }else{
 echo "Username OR Password is Incorrect...";
}
}

这是JavaScript:

function validatePassword() {
var currentPassword,newPassword,confirmPassword,output = true;
currentPassword = document.frmChange.currentPassword;
newPassword = document.frmChange.newPassword;
confirmPassword = document.frmChange.confirmPassword;
if(!currentPassword.value) {
currentPassword.focus();
document.getElementById("currentPassword").innerHTML = "required";
output = false;
}
else if(!newPassword.value) {
newPassword.focus();
document.getElementById("newPassword").innerHTML = "required";
output = false;
}
else if(!confirmPassword.value) {
confirmPassword.focus();
document.getElementById("confirmPassword").innerHTML = "required";
output = false;
}
if(newPassword.value != confirmPassword.value) {
newPassword.value="";
confirmPassword.value="";
newPassword.focus();
document.getElementById("confirmPassword").innerHTML = "not same";
output = false;
}   
return output;
}

假设有一个用户使用该用户名,则您的第一个脚本出现问题:

if($_POST["currentPassword"] == $row["password"])

这将比较表单($_POST["currentPassword"])中的原始密码与结果($_POST["currentPassword"])中的哈希密码较两个密码的哈希形式。您需要使用存储用户密码之前使用的相同哈希函数对表单中的一个进行哈希。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习