我试图做一个登录系统,加密和解密数据库中的密码(为我的项目)。我可以使用aes_encrypt加密密码并将它们存储在数据库中。但是,当我稍后解密它们以找到用于登录的匹配密码时,它们不起作用。这就像aes_decrypt被跳过,没有运行,因为我有帐户存储在数据库中的明文密码,我可以登录他们,但对于加密密码帐户他们不工作。我使用xampp和phpmyadmin作为数据库。mysql aes_encrypt和aes_decrypt
Signup file
<?php
if(isset($_POST['signup']))
{
mysql_connect("localhost","root","");
mysql_select_db("faceback");
$Email=$_POST['email'];
$que1=mysql_query("select * from users where Email='$Email'");
$count1=mysql_num_rows($que1);
if($count1>0)
{
echo "<script>
alert('There is an existing account associated with this email.');
</script>";
}
else
{
$Name=$_POST['first_name'].' '.$_POST['last_name'];
$Password=$_POST['password'];
$Gender=$_POST['sex'];
$Birthday_Date=$_POST['day'].'-'.$_POST['month'].'-'.$_POST['year'];
$FB_Join_Date=$_POST['fb_join_time'];
$day=intval($_POST['day']);
$month=intval($_POST['month']);
$year=intval($_POST['year']);
if(checkdate($month,$day,$year))
{
$que2=mysql_query("insert into
users(Name,Email,Password,Gender,Birthday_Date,FB_Join_Date)
values('$Name','$Email',AES_ENCRYPT('$Password','897sdn9j98u98jk'),
'$Gender','$Birthday_Date','$FB_Join_Date')");
session_start();
$_SESSION['tempfbuser']=$Email;
}
Login file
<?php
if(isset($_POST['Login']))
{
mysql_connect("localhost","root","");
mysql_select_db("faceback");
$user=$_POST['username'];
$pass=$_POST['password'];
$que1=mysql_query("select Email,AES_DECRYPT(Password,'897sdn9j98u98jk') from
users where Email='$user' and Password='$pass'");
$count1=mysql_num_rows($que1);
if($count1>0)
{
session_start();
$_SESSION['tempfbuser']=$user;
}
您的代码易受SQL注入攻击。您应该使用[mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)或[PDO](http://php.net/manual/en/pdo.prepared- statement.php)按照[本文]中描述的准备语句(http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)。 –
自从PHP v5.5起,不再推荐'mysql_ *'函数,并且从v7.0开始已被删除。他们不应该用于新的代码,应该换成[mysqli](http://php.net/manual/en/book.mysqli.php)或[PDO](http://php.net/manual /en/book.pdo.php)尽可能等效。 –
不要使用MySQL的AES加密密码。相反,使用PHP的['password_hash()'](http://php.net/manual/en/function.password-hash.php)和['password_verify()'](http://php.net/manual/ en/function.password-verify.php)函数。 –