Strengthen the security of user password storage and verification_PHP tutorial

The following $username and $password refer to the username and password respectively, and $sitekey is the site scrambling code.

Password setting




When submitting, use javascript to process


t_code0.value = md5 (username.value "|" passwd.value);
passwd.value = '';

If the submitted passwd has a value or t_code0 is empty, setting the password fails;

The value of t_code0 is saved to the save_pwd field of the database;


Password verification

1. Client application for login
The server generates a random code $sid, saves it in $_SESSION[sid], and passes it to the user at the same time;

Form







2. The user enters the user name and password, and when submitting, use javascript to process


var t = md5 (username.value "|" passwd.value);
t_code.value = md5 (sid "|" t);
passwd.value = '';
3. Server-side determination
If username is empty or passwd is not empty or t_code is empty, return to the login page;
If there is no $_SESSION[sid], return to the login page;


[php]

http://www.bkjia.com/PHPjc/629784.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629784.htmlTechArticleThe following $username and $password refer to the username and password respectively, and $sitekey is the site scrambling code. Password setting input type=password name=passwd / input type=hidden name=t_code0 / When submitting,...