我在我的android應用程序中實現了密碼更改功能,並且我在我的php文件中編碼了密碼哈希。用戶可以更改密碼並將密碼存儲在數據庫中。當我嘗試使用電子郵件和新密碼登錄時,它會告訴我不正確的密碼。我在哪裏做錯了我的PHP文件?在PHP中更改密碼問題
這是我的PHP文件中的代碼:
<?php
// array for JSON response
$response = array();
function hashSSHA($newpassword) {
$salt = mhash('sha512', rand());
$salt = substr($salt, 0, 15);
$encrypted = hash('sha512', $newpassword . $salt, true) . $salt;
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
// check for required fields
if (isset($_POST['email']) && isset($_POST['newpassword'])) {
$email = $_POST['email'];
$newpassword = $_POST['newpassword'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// TESTING HERE FOR STORING NEW PASSWORD INTO DATABASE
$hash = hashSSHA($newpassword);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$result = mysql_query("UPDATE users SET encrypted_password = '$encrypted_password', salt = '$salt' WHERE email = '$email'");
// check if row inserted or not
if ($result) {
// successfully updated
$response["success"] = 1;
$response["message"] = "Password successfully changed";
// echoing JSON response
echo json_encode($response);
} else {
$response["success"] = 0;
$response["message"] = "Password change failed";
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
編輯 這是我的解密功能
// DECRYPTING user currentpassword
function checkhashSSHA($salt, $currentpassword) {
$hash = hash('sha512', $currentpassword . $salt, true) . $salt;
return $hash;
}
檢查'mhash'庫是否安裝 – diEcho
描述用戶密碼在他們嘗試登錄時如何驗證。 – jtheman
此代碼非常容易受到SQL注入攻擊! – JvdBerg