如何在从登录表单发布之前加密密码? [英] How to encrypt password before post from login form?

查看:167
本文介绍了如何在从登录表单发布之前加密密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在 yii 中有一个 Login 表单,它需要用户名密码。我的问题是密码是纯文本,所以它可能会导致安全问题。为此,在通过ajax提交表单之前,我有 md5 密码

I have a Login form in yii which required username and password. My problem is that password is plain text so it may cause security issue. For this i have md5 password before submitting form via ajax

<div class="form">
<?php $form=$this->beginWidget('CActiveForm', array(
    'id'=>'login-form',
    'enableAjaxValidation'=>true,
)); ?>

    <p class="note">Fields with <span class="required">*</span> are required.</p>

    <div class="row">
        <?php echo $form->labelEx($model,'username'); ?>
        <?php echo $form->textField($model,'username'); ?>
        <?php echo $form->error($model,'username'); ?>
    </div>

    <div class="row">
        <?php echo $form->labelEx($model,'password'); ?>
        <?php echo $form->passwordField($model,'password'); ?>
        <?php echo $form->error($model,'password'); ?>
        <p class="hint">
            Hint: You may login with <tt>demo/demo</tt>.
        </p>
    </div>

    <div class="row rememberMe">
        <?php echo $form->checkBox($model,'rememberMe'); ?>
        <?php echo $form->label($model,'rememberMe'); ?>
        <?php echo $form->error($model,'rememberMe'); ?>
    </div>

    <div class="row submit">
        <?php echo CHtml::submitButton('Login',array('id'=>'submit')); ?>
    </div>

<?php $this->endWidget(); ?>
</div><!-- form -->
<script>
$("#submit").click(function(){    

var password = $("#LoginForm_password").val();

$.ajax({
        type: 'POST', 
        url: '<?php echo Yii;;app()->createUrl("user/encrptpassword")?>',      
        data: {'password': password},         
        success:function(data){
         $("#LoginForm_password").val(data);
       }
    }); 

</script>



public function actionEncrptpassword(){

echo md5($_POST['password']);

}

但这也不是安全,因为ajax post数据在检查时也是可见的。

But this is also not safe as ajax post data is also visible on inspecting.

请让我知道我以前如何 encrpt 我的密码提交表单

Please let me know how can i encrpt my password before submit form

推荐答案

使用SSL,就是它的全部要点 http://clouldflare.com 为任何域名提供免费SSL。

Use SSL, that's the whole point of it. http://clouldflare.com gives free SSL for any domain.

这篇关于如何在从登录表单发布之前加密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆