php - 在 PHP 和 MYSQL 的输入中从数据库中的哈希密码中获取原始密码
问题描述
我有一个用户页面,其中有添加和编辑用户信息,我试图从 PHP 和 MYSQL 的输入中的数据库中的散列密码中获取原始密码。我试过这段代码:
if(isset($_GET['add']) || isset($_GET['edit'])){
$name = ((isset($_POST['name']))?sanitize($_POST['name']):'');
$email = ((isset($_POST['email']))?sanitize($_POST['email']):'');
$password = ((isset($_POST['password']))?sanitize($_POST['password']):'');
$confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
$permissions = ((isset($_POST['permissions']))?sanitize($_POST['permissions']):'');
$errors = array();
if(isset($_GET['edit'])){
$edit_id = (int)$_GET['edit'];
$userResults = $db->query("SELECT * FROM users WHERE id = '$edit_id'");
$user = mysqli_fetch_assoc($userResults);
$name = ((isset($_POST['name']))?$_POST['name']:$user['full_name']);
$email = ((isset($_POST['email']))?$_POST['email']:$user['email']);
$password = ((isset($_POST['password']))?$_POST['password']:$user['password']);
$confirm = ((isset($_POST['confirm']))?sanitize($_POST['confirm']):'');
$permissions = ((isset($_POST['permissions']))?$_POST['permissions']:$user['permissions']);
}
if($_POST){
$emailQuery = $db->query("SELECT * FROM users WHERE email = '$email'");
$emailCount = mysqli_num_rows($emailQuery);
if($emailCount != 0 && $_GET['add']){
$errors[] = 'That email already exists in our database.';
}
$required = array('name', 'email', 'password', 'confirm', 'permissions');
foreach($required as $f){
if(empty($_POST[$f])){
$errors[] = 'You must fill out all fields.';
break;
}
}
if(strlen($password) < 6){
$errors[] = 'Your password must be at least 6 characters.';
}
if($password != $confirm){
$errors[] = 'Your passwords do not match.';
}
if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
$errors[] = 'You must enter a valid email.';
}
if(!empty($errors)){
echo display_errors($errors);
}else{
//add user to database
$hashed = password_hash($password,PASSWORD_DEFAULT);
$mql = "INSERT INTO users (full_name,email,password,permissions) VALUES ('$name','$email','$hashed','$permissions')";
$_SESSION['success_flash'] = $name.' has been added.';
if(isset($_GET['edit'])){
$mql = "UPDATE users SET `full_name` = '$name', `email` = '$email',
`password` = '$hashed', `permissions` = '$permissions'
WHERE id = '$edit_id'";
}
$db->query($mql);
header('Location: users.php');
}
}
<h3 class="text-center"><?=((isset($_GET['edit']))?'Edit':'Add A New');?> User</h3><hr>
<form action="users.php?<?=((isset($_GET['edit']))?'edit='.$edit_id:'add=1');?>" method="post">
<div class="row">
<div class="form-group col-lg-6">
<label for="password">Password:</label>
<input type="text" name="password" id="password" class="form-control" value="<?php if(password_verify($password, $user['password'])){echo $password;}?>">
</div>
}else{
// Add user HTML
但是输入是空的......我似乎无法在代码中找到错误。如果我删除password verify
HTML 中的代码并将其替换为<?=$password;?>
我得到的是散列密码而不是原始密码。除确认和密码外,所有字段均有效。
解决方案
你不能。哈希是一种单向函数。这就是它的目的。https://en.wikipedia.org/wiki/Hash_function
推荐阅读
- python - Python 没有正确划分大浮点数
- python - 使用 Win32 和 COM 访问 Word 出现问题
- google-apps-script - 用于动态创建和排序变量的 Google 应用脚本
- firebase-realtime-database - “实时数据库”中的一个“子节点”可以插入多少条记录?
- design-patterns - 当您有多个任务相互依赖和不依赖时的设计模式
- angular - 模块 '"../../@types/chart.js"' 在 chartjs-plugin-annotation 中没有导出成员 'Color'
- google-apps-script - TypeError:无法读取未定义的属性“0”(Google 应用脚本)
- python - 无法安装包scrapy
- android-fragments - 一项活动,入职 + 多个带有底部导航的 backStacks 片段
- amazon-web-services - 如何将 terraform 输出作为变量传递给 k8s 规范?