1. Theory
On ordinary HTTP, the password in the general form is transmitted to the server in clear text for processing. This undoubtedly gives the bad guys an opportunity! Here we will talk about how to transmit passwords safely!
Rather than transmitting the password itself, it is better to transmit its encrypted form. MD5 is a good choice. First, it is almost impossible for different resources to generate the same MD5 digest. Second, the encoding method of MD5 is irreversible. With these features, we can allow MD5 digests to be transmitted publicly on the Internet without worrying about the password being known by bad actors. Then the password is encrypted in the same way on the server side, and finally the two strings are compared.
However, we cannot md5 the password and transmit it directly through the Internet for login, because although the bad guys will not know our password, they will definitely know this special string that can authorize them to access our website!
This is the problem that public keys and private keys have to solve. First, the server provides a random string, and then the client adds the random string and the password and then encrypts it!
Every time you log in, the server will generate a different random string, so that your password does not change, but the MD5 digest encrypted by the above method is completely different. In this way, even if the bad guys get these MD5 digests, they will not be able to analyze your password!
In this method, the random string provided by the server is called the "public key", which has a short lifespan and can be used by anyone; your password is called the "private key", which has a long lifespan and will never be known. .
2. accomplish
Client-side Javascript does not provide a ready-made md5 algorithm, but if we search for "md5 javascript" on Google, we can get many examples of md5 implemented in Javascript.
I don’t need to say more in PHP, you can just use the md5() function! We can use session to store random strings (PHP is so powerful~~)
3. Notice
In JS, Chinese characters are in UTF-8 format, so if your password is in Chinese, and the encoding method of the password stored on the server is GB2312, then the encrypted strings of the two passwords are completely different!
The above has introduced http://www.12306.cn/mormhweb/ to securely transmit passwords over ordinary HTTP, including the content of http://www.12306.cn/mormhweb/. I hope you are interested in PHP tutorials. Friends help.