Home > Backend Development > PHP Tutorial > Strengthen the security of user password storage and verification_PHP tutorial

Strengthen the security of user password storage and verification_PHP tutorial

WBOY
Release: 2016-07-13 17:08:56
Original
1172 people have browsed it

The following $username and $password refer to the username and password respectively, and $sitekey is the site scrambling code.

Password setting




When submitting, use javascript to process


t_code0.value = md5 (username.value "|" passwd.value);
passwd.value = '';

If the submitted passwd has a value or t_code0 is empty, setting the password fails;

The value of t_code0 is saved to the save_pwd field of the database;


Password verification

1. Client application for login
The server generates a random code $sid, saves it in $_SESSION[sid], and passes it to the user at the same time;

Form







2. The user enters the user name and password, and when submitting, use javascript to process


var t = md5 (username.value "|" passwd.value);
t_code.value = md5 (sid "|" t);
passwd.value = '';
3. Server-side determination
If username is empty or passwd is not empty or t_code is empty, return to the login page;
If there is no $_SESSION[sid], return to the login page;


[php]

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629784.htmlTechArticleThe following $username and $password refer to the username and password respectively, and $sitekey is the site scrambling code. Password setting input type=password name=passwd / input type=hidden name=t_code0 / When submitting,...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template