如何使用android API修改salt以进行webservice开发... [英] How do I modify salt with android API for webservice development...
本文介绍了如何使用android API修改salt以进行webservice开发...的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用android API修改salt进行webservice开发
我正在使用教程中的代码来创建用于android登录的API,但系统上的哈希我真的想要从不同的发展,我怎样才能改变以适应我的数据库?
Modifying salt with android API for webservice development
I am using codes from a tutorial to create API for android login but the hashing on the system I really want to develop from is different, how can I change to fit my database?
<?php
class DB_Functions {
private $conn;
// constructor
function __construct() {
require_once 'DB_Connect.php';
// connecting to database
$db = new Db_Connect();
$this->conn = $db->connect();
}
// destructor
function __destruct() {
}
/**
* Storing new user
* returns user details
*/
public function storeUser($name, $email, $password) {
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"]; // encrypted password
$salt = $hash["salt"]; // salt
$stmt = $this->conn->prepare("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES(?, ?, ?, ?, ?, NOW())");
$stmt->bind_param("sssss", $uuid, $name, $email, $encrypted_password, $salt);
$result = $stmt->execute();
$stmt->close();
// check for successful store
if ($result) {
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$user = $stmt->get_result()->fetch_assoc();
$stmt->close();
return $user;
} else {
return false;
}
}
/**
* Get user by email and password
*/
public function getUserByEmailAndPassword($email, $password) {
$stmt = $this->conn->prepare("SELECT * FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
if ($stmt->execute()) {
$user = $stmt->get_result()->fetch_assoc();
$stmt->close();
// verifying user password
$salt = $user['salt'];
$encrypted_password = $user['encrypted_password'];
$hash = $this->checkhashSSHA($salt, $password);
// check for password equality
if ($encrypted_password == $hash) {
// user authentication details are correct
return $user;
}
} else {
return NULL;
}
}
/**
* Check user is existed or not
*/
public function isUserExisted($email) {
$stmt = $this->conn->prepare("SELECT email from users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
// user existed
$stmt->close();
return true;
} else {
// user not existed
$stmt->close();
return false;
}
}
/**
* Encrypting password
* @param password
* returns salt and encrypted password
*/
public function hashSSHA($password) {
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
/**
* Decrypting password
* @param salt, password
* returns hash string
*/
public function checkhashSSHA($salt, $password) {
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
}
?>
代码我想修改以适应教程说明:
Codes I want to modify to fit tutorials explanation:
<pre lang="PHP">else {
$passwordTest=false ;
//If strong password exists
$salt=$row["passwordStrongSalt"] ;
$passwordStrong=$row["passwordStrong"] ;
if ($passwordStrong!="" AND $salt!="") {
if (hash("sha256", $row["passwordStrongSalt"].$password)==$row["passwordStrong"]) {
$passwordTest=true ;
}
}
//If only weak password exists
else if ($row["password"]!="") {
if ($row["password"]==md5($password)) {
$passwordTest=true ;
//Migrate to strong password
$salt=getSalt() ;
$passwordStrong=hash("sha256", $salt.$password) ;
try {
$dataSecure=array("passwordStrong"=> $passwordStrong, "passwordStrongSalt"=> $salt, "username"=> $username );
$sqlSecure="UPDATE gibbonPerson SET password='', passwordStrong=:passwordStrong, passwordStrongSalt=:passwordStrongSalt WHERE (username=:username)";
$resultSecure=$connection2->prepare($sqlSecure);
$resultSecure->execute($dataSecure);
}
catch(PDOException $e) {
$passwordTest=false ;
}
}
我的尝试:
替换哈希语句,但api不起作用。有更好的方法吗?
What I have tried:
To replace the hash statement but the api is not working. Is there a better way?
推荐答案
conn ;
// 构造函数
函数__construct(){
require_once ' DB_Connect.php';
// 连接数据库
conn; // constructor function __construct() { require_once 'DB_Connect.php'; // connecting to database
db = new Db_Connect();
db = new Db_Connect();
this- > conn =
this->conn =
这篇关于如何使用android API修改salt以进行webservice开发...的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
