Я пытаюсь сделать сайт безопасным, используя хешированный пароль и соль. Я успешно реализовал это. Но если пользователи хотят изменить свой пароль, это становится трудным. Как я могу перекодировать пароль для изменения, который у меня есть, для поддержки хэшированного пароля и соли, которые я только что реализовал?
Это моя форма смены пароля - change_password.php
<form method="post" id="change_password" class="form-horizontal">
<div class="control-group">
<label class="control-label" for="inputEmail">Current Password</label>
<div class="controls">
<input type="hidden" id="password" name="password" value="<?php echo $row['password']; ?>" placeholder="Current Password">
<input type="password" id="current_password" name="current_password" placeholder="Current Password">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">New Password</label>
<div class="controls">
<input type="password" id="new_password" name="new_password" placeholder="New Password">
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Re-type Password</label>
<div class="controls">
<input type="password" id="retype_password" name="retype_password" placeholder="Re-type Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-info"><i class="icon-save"></i> Save</button>
</div>
</div>
</form>
Это мой скрипт jQuery
<script>
jQuery(document).ready(function(){
jQuery("#change_password").submit(function(e){
e.preventDefault();
var password = jQuery('#password').val();
var current_password = jQuery('#current_password').val();
var new_password = jQuery('#new_password').val();
var retype_password = jQuery('#retype_password').val();
if (password != current_password)
{
$.jGrowl("Password does not match with your current password ", { header: 'Change Password Failed' });
}else if (new_password != retype_password){
$.jGrowl("Password does not match with your new password ", { header: 'Change Password Failed' });
}else if ((password == current_password) && (new_password == retype_password)){
var formData = jQuery(this).serialize();
$.ajax({
type: "POST",
url: "update_password.php",
data: formData,
success: function(html){
$.jGrowl("Your password is successfully change", { header: 'Change Password Success' });
var delay = 2000;
setTimeout(function(){ window.location = 'dashboard_teacher.php' }, delay);
}
});
}
});
});
</script>
Это мой update_password.php
<?php
include('dbcon.php');
include('session.php');
$new_password = $_POST['new_password'];
mysql_query("update admins set password = '$new_password' where admins_id = '$session_id'")or die(mysql_error());
?>
Это мой логин.php
$query = "select * from admins where username = '$usernameVal';";
$resultSet = mysqli_query($conn,$query);
if(@mysqli_num_rows($resultSet) > 0){
//check noraml user salt and pass
//echo "noraml";
$saltQuery = "select salt from admins where username = '$usernameVal';";
$result = mysqli_query($conn,$saltQuery);
$row = mysqli_fetch_assoc($result);
$salt = $row['salt'];
$saltedPW = $escapedPW . $salt;
$hashedPW = hash('sha256', $saltedPW);
$query = "select * from admins where username = '$usernameVal'
and password = '$hashedPW' ";
$resultSet = mysqli_query($conn,$query);
if(@mysqli_num_rows($resultSet) > 0){
$row = mysqli_fetch_assoc($resultSet);
echo "your username and password is correct";
session_start();
$_SESSION["id"]=$row["admins_id"];
header("location:group/dashboard_teacher.php");
}
else
{
echo "your username or password is incorrect";
}
}
}
?>