Using MD5 to verify whether a user is legitimate

Since user passwords are hashed with MD5 before being stored in the database, and MD5 is a one-way algorithm, the stored value cannot be converted back to plaintext; in other words, there is no longer any way to learn the original password. This raises a question: when a user logs in with an account name and password, how do we know whether the supplied password is correct?

This is where the property of MD5 mentioned earlier comes in: a given piece of plaintext always produces the same result after hashing. So to verify a user's password, we only need to hash the password the user has just supplied with MD5 and compare the result with the password field stored in the database. The following code implements this:

<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server" language="VB">
  Sub Login(sender as Object, e as EventArgs)
    '1. Create the database connection
    Const strConnString as String = "connection string"
    Dim objConn as New SqlConnection(strConnString)

    '2. Create the Command object
    Dim strSQL as String = "SELECT COUNT(*) FROM UserAccount " & _
                           "WHERE Username=@Username AND Password=@Password"
    Dim objCmd as New SqlCommand(strSQL, objConn)

    '3. SQL parameters
    Dim paramUsername as SqlParameter
    paramUsername = New SqlParameter("@Username", SqlDbType.VarChar, 25)
    paramUsername.Value = txtUsername.Text
    objCmd.Parameters.Add(paramUsername)

    'Hash the supplied password (an MD5 digest is 16 bytes)
    Dim md5Hasher as New MD5CryptoServiceProvider()
    Dim hashedDataBytes as Byte()
    Dim encoder as New UTF8Encoding()
    hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPwd.Text))

    Dim paramPwd as SqlParameter
    paramPwd = New SqlParameter("@Password", SqlDbType.Binary, 16)
    paramPwd.Value = hashedDataBytes
    objCmd.Parameters.Add(paramPwd)

    'Count the rows whose username and stored hash both match
    objConn.Open()
    Dim iResults as Integer = CInt(objCmd.ExecuteScalar())
    objConn.Close()

    If iResults = 1 then
      'Correct
    Else
      'Incorrect
    End If
  End Sub
</script>

<form runat="server">
  <h1>Login</h1>
  Username: <asp:TextBox runat="server" id="txtUsername" />
  <br />Password: <asp:TextBox runat="server" id="txtPwd" TextMode="Password" />
  <p><asp:Button runat="server" Text="Login" OnClick="Login" /></p>
</form>