Fatal编程技术网
  • php/
  • Php 数据库密码检查

Php 数据库密码检查

php sql database login

Php 数据库密码检查,php,sql,database,login,Php,Sql,Database,Login,因此,我有以下代码: <?php mysql_connect("HOSTADDRESS", "USERNAME", "PASS") or die(mysql_error()); mysql_select_db("DATABASENAME") or die(mysql_error()); //Checks if there is a login cookie; if(isset($_COOKIE["ID_my_site"]))

因此,我有以下代码:

    <?php

    mysql_connect("HOSTADDRESS", "USERNAME", "PASS") or die(mysql_error());

    mysql_select_db("DATABASENAME") or die(mysql_error());

    //Checks if there is a login cookie;

    if(isset($_COOKIE["ID_my_site"]))

        //If there is, it logs you in and directs you to the member page

    {

        $username = $_COOKIE["ID_my_site"];

        $pass = $_COOKIE["ID_my_site"];

        $check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '$emailaddress'") or die(mysql_error());

        while($info = mysql_fetch_array( $check ))

        {

            if ($pass != $info["password"])

            {

            }

            else

            {

                header("Location: members.php");

            }
        }

    }

    //If the login form is submitted;

    if (isset($_POST["submit"])) { //If form has been submitted

        //Makes sure they are filled in

        if(!$_POST["emailaddress"] | !$_POST["pass"]) {

            die("You did not fill in all required fields.");

        }

        //Checks it against the database;

        if (!get_magic_quotes_gpc()) {

            $_POST["email"] = addslashes($_POST["email"]);

        }

        $check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '".$_POST["emailaddress"]."'") or die(mysql_error());

        //Gives error if user doesn't exist;

        $check2 = mysql_num_rows($check);

        if ($check2 == 0) {

            die("That users does not exist in our database. <a href=register.php>Click here to register</a>");

        }

        while($info = mysql_fetch_array( $check ))

        {

            $_POST["pass"] = stripslashes($_POST["pass"]);

            $info["password"] = stripslashes($info["password"]);

            $_POST["pass"] = md5($_POST["pass"]);

            //Gives error if the password is wrong

            if ($_POST["pass"] != $info["password"]) {

                die("Incorrect password, please try again.");

            }

            else

            {

                //If login is ok then we add a cookie

                $_POST["emailaddress"] = stripslashes($_POST["emailaddress"]);

                $hour = time() + 3600;

                setcookie(ID_my_site, $_POST["emailaddress"], $hour);

                setcookie(Key_my_site, $_POST["pass"], $hour);

                //Then it redirects them to the members area

                header("Location: members.php");

            }

        }

    }

    else

    {

        //If they are not logged in

        ?>

        <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

        <table border="0">

        <tr><td colspan=2><h1>Login</h1></td></tr>

        <tr><td>Email Address:</td><td>

        <input type="text" name="emailaddress" maxlength="60">

        </td></tr>

        <tr><td>Password:</td><td>

        <input type="password" name="pass" maxlength="12">

        </td></tr>

        <tr><td colspan="2" align="right">

        <input type="submit" name="submit" value="Login">

        </td></tr>

        </table>

        </form>

        <?php

    }

    ?>

if(!$\u POST[“emailaddress”]|!$\u POST[“pass”]){

使用
|
,以便


if(!$\u POST[“emailaddress”]| |!$\u POST[“pass”]){
将您的代码粘贴到您的问题中,而不是粘贴在一个充斥着可怕广告的外部网站上。危险:您正在使用并且应该使用。您也容易受到现代API的攻击,这会使您更容易从中获得。您正在使用并且需要删除您用户的密码。您正在md5存储的密码上使用stripslash,并将其与鞭打柱子。