0
我想执行修改密码功能,下面显示的是我迄今所做的代码和截图:更改密码功能的加密和解密?
private void Password_Change()
{
int rowsAffected = 0;
string query = "UPDATE staff_user SET staff_password = @newpassword WHERE staff_password = @staff_password";
string constr = ConfigurationManager.ConnectionStrings["dbyouthworkConnectionString"].ConnectionString;
ConfirmPassword.Text = Encrypt(ConfirmPassword.Text.Trim());
CurrentPassword.Text = Decrypt(CurrentPassword.Text.Trim());
using (MySqlConnection con = new MySqlConnection(constr))
{
using (MySqlCommand cmd = new MySqlCommand(query))
{
con.Open();
using (MySqlDataAdapter sda = new MySqlDataAdapter())
{
cmd.Parameters.AddWithValue("@staff_password",CurrentPassword.Text);
cmd.Parameters.AddWithValue("@newpassword", (ConfirmPassword.Text));
cmd.Connection = con;
rowsAffected = cmd.ExecuteNonQuery();
con.Close();
}
if (rowsAffected > 0)
{
Label1.ForeColor = System.Drawing.Color.Green;
Label1.Text = "Password has been changed successfully.";
}
else
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Password does not match with our database records.";
}
if (CurrentPassword.Text == New_Password.Text)
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Old Password and New Password cannot be the same !";
}
if (CurrentPassword.Text == ConfirmPassword.Text)
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Old Password and New Password cannot be the same !";
}
}
}
}
private string Encrypt(string clearText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
return clearText;
}
private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI99212";
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;
}[![enter image description here][1]][1]
我似乎无法看到我去哪里,因为我用户登录时使用了相同的解密功能,而用户创建帐户时使用了加密功能。
由于密码永远不会被存储(加密或纯文本),您的代码看起来很奇怪。请验证实际代码散列密码并且不加密它们,并且帖子中的代码仅仅是一些加密/解密的随机字段的样本。 –
@AlexeiLevenkov是什么让你觉得“密码永远不会被存储(加密或纯文本)”,肯定他们不应该是,但实际上他们都是经常。 – zaph
你不应该加密你的用户密码。你需要使用哈希,而不是一些强大的PBKDF2,bcrypt,scrypt和Argon2。由于散列函数是单向函数,因此您将无法“解密”散列。为了验证您的用户,您可以再次通过散列函数运行密码,以便与存储在数据库中的散列进行比较。查看更多:[如何安全地哈希密码?](http://security.stackexchange.com/q/211/45523) –