我已经为Android创建了一个完整的工作注册/登录系统,一切都在空中和服务器端数据库,问题是,现在我的密码正在直接保存到数据库(没有ecnryption),我搜索了大量的网站和SoF的帖子和线程,但没有任何实际上帮助我。加密密码并存储在数据库中android
我也读到了MD5和SHA1,河豚和bcrypt,但使用PHP请求无法理解这样的crytography的正确执行..
连接而成。寄存器代码如下:
if($_SERVER['REQUEST_METHOD']=='POST'){
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$Firstname = $_POST['fname'];
$Lastname = $_POST['lname'];
$Date = $_POST['Date'];
require_once('db_config.php');
$check_username_email = "SELECT * FROM Users WHERE Username ='$username' AND Email = '$email'";
$check_u_e = mysqli_fetch_array(mysqli_query($db,$check_username_email));
$check_username = "SELECT * FROM Users WHERE Username ='$username'";
$check_u = mysqli_fetch_array(mysqli_query($db,$check_username));
$check_email = "SELECT * FROM Users WHERE Email ='$email'";
$check_e = mysqli_fetch_array(mysqli_query($db,$check_email));
if(isset($check_u_e)){
echo 'Username AND Email already exist, please change them Both.';
}
else if(isset($check_u)){
echo 'Username already exists, please change it.';
}
else if (isset($check_e)){
echo 'Email already exists, please change it.';
} else{
$sql = "INSERT INTO Users(Email,Username,Bio,Password,Fname,Lname,Regiser_Date) VALUES ('$email','$username',NULL,'$password','$Firstname','$Lastname','$Date')";
if(mysqli_query($db,$sql)){
echo "You have been successfully Registered";
} else{
echo "Sorry, something went wrong - Try again.";
}
}
}else{
echo 'Server error - Please try again later.';
mysqli_close($db);
}
和我的登录是在这里:
if($_SERVER['REQUEST_METHOD']=='POST'){
$username = $_POST['username'];
$password = $_POST['password'];
require_once('db_config.php');
$sql = "SELECT * FROM Users WHERE Username = '$username' AND Password = '$password'";
$result = mysqli_query($db,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
echo 'Logged In';
}
else{
echo 'Failed to login';
}
}
一切都很好,除了encrytion。有人可以通过这个指导我吗?我读它需要双方,一个来自客户端(Android应用程序)和一个来自PHP服务器端
听起来你对[加密术语]感到困惑(https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded)。加密是双向的,加密哈希是单向的。调用MD5或bcrypt加密是错误的,可能是导致你绊倒的一部分。 –