Đang chuẩn bị liên kết để tải về tài liệu:
Pro PHP Security phần 3

bạn đối phó trong phần đầu tiên của kịch bản này một phần xử lý các mật khẩu của một người dùng mới, từ một hình thức yêu cầu đăng nhập, bạn lưu trữ. userA € ™ s đệ trình trong các biến, và kiểm tra ™ gửi mật khẩu cho các tiêu chuẩn quy định mật khẩu của chúng tôi. | 78 CHAPTER 6 USING ENCRYPTION II PRACTICE form exit it is acceptable so hash it salt time hashedPassword shal JuserPassword . salt store it in the database and redirect the user makeDBConnection iquery - INSERT INTO LOGIN VALUES . dbSafe iuserName dbSafe JhashedPassword . . dbSafe salt . it mysql_query iquery exit couldn t add new record to database else header Location http www.example.com authenticated.php II passwordHashingDemo.php continues After creating functions to connect to the database and to prepare user input a subject we will discuss at length in Chapter 11 you deal in the first part of this partial script with handling the password of a new user submitted from a login request form. You store the user s submissions in variables and check the user s submitted password for our specified password criteria. If any problems are found you assemble an array of problem messages display the problems and provide again the login request form. If the password is acceptable you create a salt from the current time and concatenate it with the submitted password. You then hash that concatenated string using the highly secure shal function. Then you construct the MySQL instruction insert the new user s values into the database and redirect the now logged-in user to the application. II continues passwordHashingDemo.php II deal with the returning user s password II capture the returning user s information submitted from the login form JuserName _POST userName JuserPassword _POST userPassword II retrieve the stored password and salt for this user makeDBConnection iquery SELECT FROM LOGIN WHERE username . dbSafe JuserName result mysql_query iquery if result exit JuserName wasn t found in the database CHAPTER 6 USING ENCRYPTION II PRACTICE 79 row mysql_tetch_array result storedPassword row password salt row salt use the stored salt to hash the user s submitted password hashedPassword shal userPassword . salt compare the stored hash to the just-created hash it storedPassword