PHP database password check
So, I have the following code:
<?php
mysql_connect("HOSTADDRESS", "USERNAME", "PASS") or die(mysql_error());
mysql_select_db("DATABASENAME") or die(mysql_error());
//Checks if there is a login cookie;
if(isset($_COOKIE["ID_my_site"]))
//If there is, it logs you in and directs you to the member page
{
$username = $_COOKIE["ID_my_site"];
$pass = $_COOKIE["ID_my_site"];
$check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '$emailaddress'") or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info["password"])
{
}
else
{
header("Location: members.php");
}
}
}
//If the login form is submitted;
if (isset($_POST["submit"])) { //If form has been submitted
//Makes sure they are filled in
if(!$_POST["emailaddress"] | !$_POST["pass"]) {
die("You did not fill in all required fields.");
}
//Checks it against the database;
if (!get_magic_quotes_gpc()) {
$_POST["email"] = addslashes($_POST["email"]);
}
$check = mysql_query("SELECT * FROM userdata WHERE emailaddress = '".$_POST["emailaddress"]."'") or die(mysql_error());
//Gives error if user doesn't exist;
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die("That users does not exist in our database. <a href=register.php>Click here to register</a>");
}
while($info = mysql_fetch_array( $check ))
{
$_POST["pass"] = stripslashes($_POST["pass"]);
$info["password"] = stripslashes($info["password"]);
$_POST["pass"] = md5($_POST["pass"]);
//Gives error if the password is wrong
if ($_POST["pass"] != $info["password"]) {
die("Incorrect password, please try again.");
}
else
{
//If login is ok then we add a cookie
$_POST["emailaddress"] = stripslashes($_POST["emailaddress"]);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST["emailaddress"], $hour);
setcookie(Key_my_site, $_POST["pass"], $hour);
//Then it redirects them to the members area
header("Location: members.php");
}
}
}
else
{
//If they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email Address:</td><td>
<input type="text" name="emailaddress" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="12">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
if(!$_POST["emailaddress"] | !$_POST["pass"]) {
Use || instead of |, so that
if(!$_POST["emailaddress"] || !$_POST["pass"]) {
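Paste your code into your question, not onto an external site riddled with horrible ads. Danger: you are using [...] and should use [...]. You are also vulnerable to [...] that a modern API would make it easier to [...] yourself from. You are using [...] and need to [...] of your users' passwords. You are using stripslashes on the md5 stored password and comparing it with the [...] post.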
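The points raised above (the deprecated mysql_* calls, the query built by concatenating request data, the md5 password storage and the `|` operator), addressed in one login check. This is an added example, not code from the question or its answers. It assumes PDO with an in-memory SQLite database in place of the real server; make_demo_db(), check_login() and the sample account are constructed for illustration, while the userdata table and its column names come from the question.

```php
<?php
// Added example: hardened form of the login check in the question.
// Assumption: PDO + in-memory SQLite stands in for the real database server.
declare(strict_types=1);

// Builds a throwaway database with one constructed account.
function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE userdata (emailaddress TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO userdata (emailaddress, password) VALUES (?, ?)');
    // password_hash() salts and stretches the password; md5() does neither.
    $ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true only when both fields are present and the password verifies.
function check_login(PDO $db, array $post): bool {
    $email = $post['emailaddress'] ?? '';
    $pass  = $post['pass'] ?? '';
    // Logical ||, not bitwise |, and no addslashes()/stripslashes() juggling.
    if (!is_string($email) || !is_string($pass) || $email === '' || $pass === '') {
        return false;
    }
    // The bound parameter keeps request data out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM userdata WHERE emailaddress = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    // Same answer for "no such user" and "wrong password".
    return is_string($hash) && password_verify($pass, $hash);
}

$db = make_demo_db();
// Constructed inputs: valid login, an address containing a quote, empty password.
var_dump(check_login($db, ['emailaddress' => 'alice@example.com', 'pass' => 'correct horse']));
var_dump(check_login($db, ['emailaddress' => "o'connor@example.com", 'pass' => 'x']));
var_dump(check_login($db, ['emailaddress' => 'alice@example.com', 'pass' => '']));
// After a successful check, call session_start() and session_regenerate_id(true),
// then keep the user's identity in $_SESSION instead of putting the e-mail
// address and password hash into cookies as the question's code does.
```

Existing md5 values in the table cannot be converted in place; each account has to be re-hashed with password_hash() the next time its owner logs in or resets the password.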