這應該是一個基本問題,但我正在學習。我正在登錄系統,用戶輸入用戶名和密碼。如何通過javascript將密碼發送到我的函數散列中。因爲我需要將它與我的數據庫中的數據進行比較。如果密碼哈希=數據庫密碼,那麼它是確定的。將PHP變量從輸入字段傳遞到JavaScript函數
<link rel="stylesheet" href="style.css" />
<!-- ... -->
<div align="center">
<form action="connection.php" method="post">
<p>Fill your crendentials</p>
<label for="usrUserName">Your login</label>
<input id="usrUserName" name="usrUserName" /><br />
<tr><td>Password</td><td><input type="password" name="usrPassword" maxlength="25" id="usrPassword"/>
<form action="insert.php" method="post" onsumbit="return create_hash()">
</form>
</div>
這就是我現在的情況。我可以給你看哈希函數,但人們說這不是一個好主意。
編輯我的完整代碼
<script type="text/javascript">
define("PBKDF2_HASH_ALGORITHM", "sha1");
define("PBKDF2_ITERATIONS", 1000);
define("PBKDF2_SALT_BYTES", 24);
define("PBKDF2_HASH_BYTES", 24);
define("HASH_SECTIONS", 4);
define("HASH_ALGORITHM_INDEX", 0);
define("HASH_ITERATION_INDEX", 1);
define("HASH_SALT_INDEX", 2);
define("HASH_PBKDF2_INDEX", 3);
function create_hash($usrPassword)
{
var usrPassword =document.getElementById("usrPassword").value;
// format: algorithm:iterations:salt:hash
$salt = base64_encode(mcrypt_create_iv(PBKDF2_SALT_BYTES, MCRYPT_DEV_URANDOM));
return PBKDF2_HASH_ALGORITHM . ":" . PBKDF2_ITERATIONS . ":" . $salt . ":" .
base64_encode(pbkdf2(
PBKDF2_HASH_ALGORITHM,
$usrPassword,
base64_decode($salt),
PBKDF2_ITERATIONS,
PBKDF2_HASH_BYTES,
true
));
alert("usrPassword");
}
function validate_password($usrPassword, $good_hash)
{
$params = explode(":", $good_hash);
if(count($params) < HASH_SECTIONS)
return false;
$pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);
return slow_equals(
$pbkdf2,
pbkdf2(
$params[HASH_ALGORITHM_INDEX],
$usrPassword,
base64_decode($params[HASH_SALT_INDEX]),
(int)$params[HASH_ITERATION_INDEX],
strlen($pbkdf2),
true
)
);
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr">
<link rel="stylesheet" href="style.css" />
<div align = "center">
<form action = 'connection.php' method="post" >
<p> Entrer vos informations </p>
<label for="usrUserName">Votre code d'usager </label> <input
id="usrUserName" name="usrUserName" /><br />
<label for="usrPassword">Votre mot de passe </label> <input
id="usrPassword" name="usrPassword" type="usrPassword" /><br />
<input type="submit" value="submit" onsubmit=="return create_hash()">
</form>
獲得輸入字段中的值 - >散它 - >更換輸入結果 - >調用.submit() – KarelG
你不要在javascript中檢查哈希,你需要在服務器端(php)做到這一點。但是,如果你只是想在發送到服務器進行檢查之前對其進行散列(這沒有任何意義),那麼你應該使用ajax來提交表單。 – Dexa
檢查服務器上最好的數據庫。別忘了加些鹽。 – blue