Using php to create a password system with Chinese characters

Question

Using php to create a password system with Chinese characters

I have a problem with checking Chinese characters against other Chinese characters, for example, I create a simple password script that receives data from the database and receives user input via get.

The problem I ran into is for some reason, even though the characters look exactly the same when you echo them, the if statement still thinks they are different.

I tried to use the htmlentities () function to encode characters, the password from the database encodes beautifully, giving me a working & # 35441; "(I put a space there to stop it from switching to a Chinese character!).

Another user input value gives me tons of funny characters. The only thing that, in my opinion, should break it, is encoded differently, and so php thinks these are 2 completely different lines.

Does anyone have any ideas?
Thanks in advance,
Will it

Edit:
Thanks for the quick answers guys, I'm going to look at the encoding order of the database in UTF-8, however at the moment the results from the database are not a problem, they encode htmlentities correctly, these are the results that I get from $ _GET, which causes problems.

Cheers
Will it

+4

php utf-8 html-entities

Willdonohoe Apr 14 '10 at 12:57

source share

4 answers

acrosman · Answer 1 · 2010-04-14T13:02:00+0000

For passwords, my advice does not make a direct comparison, because it means that you store passwords in a box. At the very least, run them through a hash like MD5 or SHA (preferably with salt) before storing them. Then you just need to compare the hash values, which are usually Hex values, so you shouldn't cause any encoding problems.

For values without a password, it looks like your database and PHP do not have the same encoding, so they do not match properly. If MySQL stores them the way you want, try a comparison (instead of returning the values first), which should avoid 1 of the passages through a change in encoding, which is likely to be a problem.

Arkh · Answer 2 · 2010-04-14T13:03:05+0000

If you want to store passwords, read the following: what you need to know about secure password schemes .

After reading your root problem, there seems to be some character encoding that you get from the user and what you get from your database. If you use Mysql and utf-8 encoding, do you first use the SET names "utf-8" query?

Hanseh · Answer 3 · 2010-04-14T13:16:07+0000

Saving values using SHA1 and MD5 may solve your problem, as another stated. It is also a safe process. Here is a snippet of code to help you.

 public function getHashedPassword() { $salt = 'mysalt'; return sprintf( "%d%s",$salt,sha1( sprintf( "%d%s", $salt,$this->_rawPassword) )); }

After comparison, rephrase the password and compare it with the stored hashed password in your database. This can fix the encoding problem.

aaaaaaaaaaaaa · Answer 4 · 2010-04-14T13:25:43+0000

Since you should still store the password hashes, not the passwords themselves, this may be part of the solution. You save a hash, not a password, and therefore have no database problems.

However, there may be differences in how different browsers encode the strings they represent. This is not something that I really love, but you have to make sure you find a solution that does the same line in all browsers. Installing accept-charset on utf-8 is a connoisseur, you might also want to mess up enctype.

Using php to create a password system with Chinese characters

More articles: