Fatal编程技术网
  • php/
  • can';t使用md5 php登录帐户

can';t使用md5 php登录帐户

php login

can';t使用md5 php登录帐户,php,login,md5,Php,Login,Md5,我有下面的代码,但我无法让用户登录到他们的帐户,在数据库中,其存储的密码长度为35。我让var_转储password变量,以查看插入的内容及其与数据库中存储的密码相同的值。任何帮助,谢谢 <?php include_once("config.php"); session_start(); $message = ""; if (isset($_POST['username'])) { $username = ($_POST['

我有下面的代码,但我无法让用户登录到他们的帐户,在数据库中,其存储的密码长度为35。我让var_转储password变量,以查看插入的内容及其与数据库中存储的密码相同的值。任何帮助,谢谢

<?php   
    include_once("config.php");
    session_start(); 
    $message = "";

    if (isset($_POST['username'])) {    
        $username = ($_POST['username']);
        $password =md5($_POST['password']);
        $password = ($password); 

        $sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
        $query = mysqli_query($conn, $sql);
        $row = mysqli_fetch_row($query);
        $userid = $row[0];
        $checkuser = $row[5];
        $checkpassword = $row[4];
        $type = $row[1];
        $name = $row[2];
        $surname = $row[3];

        if ($username != $checkuser || $password != $checkpassword) {
          $message = " username or password entered is incorrect.";
        }

        if ($username == $checkuser && $password == $checkpassword) {
            $_SESSION['username'] = $username;
            $_SESSION['type'] =$type;
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;
            $_SESSION['userid'] =  $userid; 

           if($_SESSION['type'] == "admin") {
              header("Location: adminindex.php");
           } else {
              header("Location: index.php");
           }

        }   
    }
?>
您没有使用预先准备好的语句,这可能有问题,也可能没有问题,但您肯定会让自己接受SQL注入

<?php   
    include_once("config.php");
    session_start(); 
    $message = "";

    if (isset($_POST['username'])) {    
        $username = ($_POST['username']);
        $password =md5($_POST['password']);
        $password = ($password); 

        $sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
        $query = mysqli_query($conn, $sql);
        $row = mysqli_fetch_row($query);
        $userid = $row[0];
        $checkuser = $row[5];
        $checkpassword = $row[4];
        $type = $row[1];
        $name = $row[2];
        $surname = $row[3];

        if ($username != $checkuser || $password != $checkpassword) {
          $message = " username or password entered is incorrect.";
        }

        if ($username == $checkuser && $password == $checkpassword) {
            $_SESSION['username'] = $username;
            $_SESSION['type'] =$type;
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;
            $_SESSION['userid'] =  $userid; 

           if($_SESSION['type'] == "admin") {
              header("Location: adminindex.php");
           } else {
              header("Location: index.php");
           }

        }   
    }
?>
准备好的语句示例:

<?php   
    include_once("config.php");
    session_start(); 
    $message = "";

    if (isset($_POST['username'])) {    
        $username = ($_POST['username']);
        $password =md5($_POST['password']);
        $password = ($password); 

        $sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
        $query = mysqli_query($conn, $sql);
        $row = mysqli_fetch_row($query);
        $userid = $row[0];
        $checkuser = $row[5];
        $checkpassword = $row[4];
        $type = $row[1];
        $name = $row[2];
        $surname = $row[3];

        if ($username != $checkuser || $password != $checkpassword) {
          $message = " username or password entered is incorrect.";
        }

        if ($username == $checkuser && $password == $checkpassword) {
            $_SESSION['username'] = $username;
            $_SESSION['type'] =$type;
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;
            $_SESSION['userid'] =  $userid; 

           if($_SESSION['type'] == "admin") {
              header("Location: adminindex.php");
           } else {
              header("Location: index.php");
           }

        }   
    }
?>

$stmt = $conn->prepare("SELECT * FROM user WHERE username =? AND password=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
请参阅:

为什么要对这些值进行多次比较?哪个比较失败?请使用PHP来处理密码安全性。如果您使用的PHP版本低于5.5,则可以使用
密码\u hash()
。在散列之前,请确保您在它们上安装或使用任何其他清理机制。这样做会更改密码并导致不必要的额外编码。表示了解的语句。即使是这样也不安全!你真的不应该使用。你需要调试你的逻辑。有太多的地方你的if语句可能会以你不期望的方式进行计算。不符合。因此,删除这些后,你的代码不会回答OP。我同意@JayBlanchard,我看不出这是如何回答这个问题的,因为在评论中他们可能已经说过,他们可以接受SQL注入。就像我说的,这可能是问题所在,也可能不是问题所在。例如,如果用户名有撇号。我没有读评论。这一条都是你的@Pamblam OP已经被小妖精吃掉了。 
<?php   
    include_once("config.php");
    session_start(); 
    $message = "";

    if (isset($_POST['username'])) {    
        $username = ($_POST['username']);
        $password =md5($_POST['password']);
        $password = ($password); 

        $sql = "SELECT * FROM user WHERE username = '$username' && password='$password'";
        $query = mysqli_query($conn, $sql);
        $row = mysqli_fetch_row($query);
        $userid = $row[0];
        $checkuser = $row[5];
        $checkpassword = $row[4];
        $type = $row[1];
        $name = $row[2];
        $surname = $row[3];

        if ($username != $checkuser || $password != $checkpassword) {
          $message = " username or password entered is incorrect.";
        }

        if ($username == $checkuser && $password == $checkpassword) {
            $_SESSION['username'] = $username;
            $_SESSION['type'] =$type;
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;
            $_SESSION['userid'] =  $userid; 

           if($_SESSION['type'] == "admin") {
              header("Location: adminindex.php");
           } else {
              header("Location: index.php");
           }

        }   
    }
?>