Возможный дубликат:
Безопасный хэш и соль для паролей PHP
Для шифрования пароля в php-файле я хочу перейти на sha256 или md5 вместо того, чтобы использовать sha1 для изучения онлайн, и говорят, что sha1 не настолько безопасен.
Как изменить файл php ?
<?php class DB_Functions { private $db; //put your code here // constructor function __construct() { require_once 'DB_Connect.php'; // connecting to database $this->db = new DB_Connect(); $this->db->connect(); } // destructor function __destruct() { } /** * Storing new user * returns user details */ public function storeUser($name, $nric, $email, $license, $address, $postal_code, $password) { $hash = $this->hashSSHA($password); $encrypted_password = $hash["encrypted"]; // encrypted password $salt = $hash["salt"]; // salt $result = mysql_query("INSERT INTO users(name, nric, email, license, address, postal_code, encrypted_password, salt, created_at) VALUES('$name', '$nric', '$email', '$license', '$address', '$postal_code', '$encrypted_password', '$salt', NOW())"); // check for successful store if ($result) { // get user details $uid = mysql_insert_id(); // last inserted id $result = mysql_query("SELECT * FROM users WHERE uid = $uid"); // return user details return mysql_fetch_array($result); } else { return false; } } /** * Get user by nric and password */ public function getUserByNricAndPassword($nric, $password) { $result = mysql_query("SELECT * FROM users WHERE nric = '$nric'") or die(mysql_error()); // check for result $no_of_rows = mysql_num_rows($result); if ($no_of_rows > 0) { $result = mysql_fetch_array($result); $salt = $result['salt']; $encrypted_password = $result['encrypted_password']; $hash = $this->checkhashSSHA($salt, $password); // check for password equality if ($encrypted_password == $hash) { // user authentication details are correct return $result; } } else { // user not found return false; } } /** * Check user is existed or not */ public function isUserExisted($nric) { $result = mysql_query("SELECT nric from users WHERE nric = '$nric'"); $no_of_rows = mysql_num_rows($result); if ($no_of_rows > 0) { // user existed return true; } else { // user not existed return false; } } /** * Encrypting password * @param password * returns salt and encrypted password */ public function hashSSHA($password) { $salt = sha1(rand()); //algorithm hash $salt = substr($salt, 0, 10); $encrypted = base64_encode(sha1($password . $salt, true) . $salt); $hash = array("salt" => $salt, "encrypted" => $encrypted); return $hash; } /** * Decrypting password * @param salt, password * returns hash string */ public function checkhashSSHA($salt, $password) { $hash = base64_encode(sha1($password . $salt, true) . $salt); return $hash; } } ?>