利用MD5加密数据库中的密码
2024-07-21 02:24:33
供稿:网友
net提供了进行数据加密类,下面就用例子进行说明如何使用md5进行数据加密。
首先,创建一个useraccount表,字段两个:username和password,类型分别为varchar(25)和binary(16),下面的asp.net代码就是创建用户时的具体实现:
<%@ import namespace="system.security.cryptography" %>
<%@ import namespace="system.text" %>
<%@ import namespace="system.data" %>
<%@ import namespace="system.data.sqlclient" %>
<script runat="server" language="vb">
sub createaccount(sender as object, e as eventargs)
'1. 创建连接
const strconnstring as string
strconnstring= "data source=.;initial catalog=test;user id=sa;password=;"
dim objconn as new sqlconnection(strconnstring)
'2. 创建command对象
dim strsql as string = _
"insert into useraccount(username,password) " & _
"values(@username, @password)"
dim objcmd as new sqlcommand(strsql, objconn)
'3. 创建参数
dim paramusername as sqlparameter
paramusername = new sqlparameter("@username", sqldbtype.varchar, 25)
paramusername.value = txtusername.text
objcmd.parameters.add(paramusername)
'加密密码字段
dim md5hasher as new md5cryptoserviceprovider()
dim hashedbytes as byte()
dim encoder as new utf8encoding()
hashedbytes = md5hasher.computehash(encoder.getbytes(txtpwd.text))
dim parampwd as sqlparameter
parampwd = new sqlparameter("@password", sqldbtype.binary, 16)
parampwd.value = hashedbytes
objcmd.parameters.add(parampwd)
'插入数据库
objconn.open()
objcmd.executenonquery()
objconn.close()
'redirect 其它页面
end sub
</script>
<form runat="server">
<h1>创建帐号:</h1>
用户名: <asp:textbox runat="server" id="txtusername"/>
<br/>
密码: <asp:textbox runat="server" id="txtpwd" textmode="password"/>
<p><asp:button runat="server" text="创建用户" onclick="createaccount"/></p>
</form>
下面是对用户进行验证的asp.net代码:
<%@ import namespace="system.security.cryptography" %>
<%@ import namespace="system.text" %>
<%@ import namespace="system.data" %>
<%@ import namespace="system.data.sqlclient" %>
<script runat="server" language="vb">
sub login(sender as object, e as eventargs)
'1. 创建连接
const strconnstring as string
strconnstring= "data source=.;initial catalog=test;user id=sa;password=;"
dim objconn as new sqlconnection(strconnstring)
'2. 创建command对象
dim strsql as string = "select count(*) from useraccount " & _
"where [email protected] and [email protected]"
dim objcmd as new sqlcommand(strsql, objconn)
'3. 创建参数
dim paramusername as sqlparameter
paramusername = new sqlparameter("@username", sqldbtype.varchar, 25)
paramusername.value = txtusername.text
objcmd.parameters.add(paramusername)
'加密密码
dim md5hasher as new md5cryptoserviceprovider()
dim hasheddatabytes as byte()
dim encoder as new utf8encoding()
hasheddatabytes = md5hasher.computehash(encoder.getbytes(txtpwd.text))
dim parampwd as sqlparameter
parampwd = new sqlparameter("@password", sqldbtype.binary, 16)
parampwd.value = hasheddatabytes
objcmd.parameters.add(parampwd)
'执行查询
objconn.open()
dim iresults as integer = objcmd.executescalar()
objconn.close()
if iresults = 1 then
'合法
else
'不合法
end if
end sub
</script>
<form runat="server">
<h1>登录:</h1>
用户名:<asp:textbox runat="server" id="txtusername"/><br/>
密 码:<asp:textbox runat="server" id="txtpwd" textmode="password"/>
<p><asp:button runat="server" text="登录" onclick="login"/>
</form>
下面是md5cryptoserviceprovider直接生成的例子:
<%@ import namespace="system.security.cryptography" %>
<%@ import namespace="system.text" %>
<script language="vb" runat="server">
sub displayencryptedtext(sender as object, e as eventargs)
if page.isvalid then
dim md5hasher as new md5cryptoserviceprovider()
dim hasheddatabytes as byte()
dim encoder as new utf8encoding()
hasheddatabytes = md5hasher.computehash(encoder.getbytes(txtpassword.text))
ltlresults.text = "<b>encrypted results</b><br /> the results are encrypted into " & _
"an array of 16 bytes. these 16 bytes contain the values:<p><ul>"
dim b as byte
for each b in hasheddatabytes
ltlresults.text &= "<li>" & b & "</li>"
next b
ltlresults.text &= "</ul>"
end if
end sub
</script>
<form runat="server">
enter a string:
<asp:textbox id="txtpassword" runat="server" />
<asp:requiredfieldvalidator runat="server" controltovalidate="txtpassword"
display="dynamic" errormessage="<i>you must provide a value here...</i>" />
<asp:regularexpressionvalidator runat="server" controltovalidate="txtpassword"
display="dynamic" errormessage="<i>the string must be 20 characters or less...</i>"
validationexpression="^.{1,20}$" />
<br />
<asp:button runat="server" text="view the string as encrypted text"
onclick="displayencryptedtext" />
<p>
<asp:literal runat="server" id="ltlresults" />
</form>
