can';t使用md5 php登录帐户
我有下面的代码,但我无法让用户登录到他们的帐户,在数据库中,其存储的密码长度为35。我让var_转储password变量,以查看插入的内容及其与数据库中存储的密码相同的值。任何帮助,谢谢can';t使用md5 php登录帐户,php,login,md5,Php,Login,Md5,我有下面的代码,但我无法让用户登录到他们的帐户,在数据库中,其存储的密码长度为35。我让var_转储password变量,以查看插入的内容及其与数据库中存储的密码相同的值。任何帮助,谢谢 <?php include_once("config.php"); session_start(); $message = ""; if (isset($_POST['username'])) { $username = ($_POST['
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>
您没有使用预先准备好的语句,这可能有问题,也可能没有问题,但您肯定会让自己接受SQL注入
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>
准备好的语句示例:
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>
$stmt = $conn->prepare("SELECT * FROM user WHERE username =? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
请参阅:为什么要对这些值进行多次比较?哪个比较失败?请使用PHP来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用
密码\u hash()
。在散列之前,请确保您在它们上安装或使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码。表示了解的语句。即使是这样也不安全!你真的不应该使用。你需要调试你的逻辑。有太多的地方你的if语句可能会以你不期望的方式进行计算。不符合。因此,删除这些后,你的代码不会回答OP。我同意@JayBlanchard,我看不出这是如何回答这个问题的,因为在评论中他们可能已经说过,他们可以接受SQL注入。就像我说的,这可能是问题所在,也可能不是问题所在。例如,如果用户名有撇号。我没有读评论。这一条都是你的@Pamblam OP已经被小妖精吃掉了。
<?php
include_once("config.php");
session_start();
$message = "";
if (isset($_POST['username'])) {
$username = ($_POST['username']);
$password =md5($_POST['password']);
$password = ($password);
$sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($query);
$userid = $row[0];
$checkuser = $row[5];
$checkpassword = $row[4];
$type = $row[1];
$name = $row[2];
$surname = $row[3];
if ($username != $checkuser || $password != $checkpassword) {
$message = " username or password entered is incorrect.";
}
if ($username == $checkuser && $password == $checkpassword) {
$_SESSION['username'] = $username;
$_SESSION['type'] =$type;
$_SESSION['name'] = $name;
$_SESSION['surname'] = $surname;
$_SESSION['userid'] = $userid;
if($_SESSION['type'] == "admin") {
header("Location: adminindex.php");
} else {
header("Location: index.php");
}
}
}
?>