开发者

How to prevent double md5-ing of password field on update form?

问答 作者:

On my user info update form, i let users update the pass along with other things. If they don't want to update the password in the form, they leave it blank, as in the field is left empty. On the pr开发者_如何学JAVAocess page, if the field is blank i insert their existing password from the db (its md5) and if they changed it i want the new password in. Below is what i am using to try and accomplish that, but it is double md5-ing no matter what:

      if (!get_magic_quotes_gpc()) {

$newpass = mysql_escape_string($_POST['password']);
$newpass = md5($_POST['password']);

    }

    // If $dob is empty
    if (empty($newpass)) {

    $newpass = "$passis"; //$passis = the password stored in db which is md5
        }

$newpass will never be empty because md5 converts the empty string to a hash. So this condition will not work: if (empty($newpass)) {

Instead you have to do 

 if (empty($_POST['password'])) {

UPDATE

 if (!get_magic_quotes_gpc()) {

$newpass = mysql_escape_string($_POST['password']);
$newpass = md5($_POST['password']);

}

// If $dob is empty
if (empty($_POST['password'])) { 
   $newpass = "$passis"; //$passis = the password stored in db which is md5
}

Just a little reworking of your code:

  $newpass = $_POST['password'];

  if (!get_magic_quotes_gpc()) {
      $newpass = mysql_escape_string($newpass);
  }

  if(empty($newpass)) {
    $newpass = "$passis"; //$passis = existing md5'd password already stored in db
  }
  else {
    $newpass = md5($newpass); //$newpass = newly provided password needs to be md5'd before updating db
  }

You code is strange because it performes md5 only if the magic_quotes_gpc directive is set.
Another think is that the md5 of the empty string is not the empty string.

Here is a code that should work nicer: 

$newpass = isset($_POST['password']) ? $_POST['password'] : '';
if ($newpass=='') {
  $newpass = $passis; // $passis = the password stored in db which is md5
} else {
  if (get_magic_quotes_gpc()) $newpass = stripslashes($newpass); // take off slashes added by PHP if any
  $newpass = md5($newpass);
}

继续阅读:passwordsphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9