Php 密码与md5不匹配
您好,我是PHP新手,我正在尝试为用户创建一个简单的登录和注册功能。用户注册后,其详细信息将添加到数据库中,以便登录。但是现在,即使他的用户名和密码是正确的,它也不会登录 这是我的代码:Php 密码与md5不匹配,php,login,Php,Login,您好,我是PHP新手,我正在尝试为用户创建一个简单的登录和注册功能。用户注册后,其详细信息将添加到数据库中,以便登录。但是现在,即使他的用户名和密码是正确的,它也不会登录 这是我的代码: <?php if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM admin WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['Email_Address'];
$_SESSION['Username'] = $username;
$_SESSION['Email_Address'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index2.php' />";
header("Location: Home.php");
}
else
{
echo "<h1>Error {$password}</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"index2.php\">click here to try again</a>.</p>";
}
}
else
{?>
<h1>Member Login</h1>
<p>Please either login below, or <a href="register2.php">click here to register</a>.</p>
<form method="post" action="index2.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php }?>
正如在一篇评论中所指出的,您真的应该使用mysqli或PDO~ mysql
扩展现在已经被弃用,在防范可怕的sql注入
攻击方面几乎没有提供什么安全性。下面的代码使用了mysqli
,并且已经使用纯文本密码(如当前所示)和md5
哈希版本进行了测试
如果数据库以预先散列的md5格式存储用户密码,则设置$prehashed=true
<?php
session_start();
$errors=array();
$prehashed=false;
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['username'], $_POST['password'] ) ){
/* Your db connection settings: change as appropriate */
$host = 'localhost';
$uname = 'xxx';
$pwd = 'xxx';
$db = 'xxx';
/* create mysqli object */
$conn = new mysqli( $host, $uname, $pwd, $db );
/* Create and prepare the sql */
$sql = 'select `username`,`email` from `admin` where `username`=? and `password`=?';
$stmt = $conn->prepare( $sql );
/* Bind the placeholders to the desired fields */
$stmt->bind_param( 'ss', $username, $password );
/* Populate the variables with POST data - with some minor filtering */
$username = trim( strip_tags( filter_input( INPUT_POST, 'username', FILTER_SANITIZE_STRING ) ) );
$password = trim( strip_tags( filter_input( INPUT_POST, 'password', FILTER_SANITIZE_STRING ) ) );
/* Pre-hased MD5 password? */
if( $prehashed ) $password = md5( $password );
/* Execute the query */
$result = $stmt->execute();
$stmt->bind_result( $user, $email );
/* If there is a match, set session vars and redirect */
if( $result ){
/* Get the records */
$stmt->fetch();
/* success? */
if( isset( $user, $email ) ){
$_SESSION['Username'] = $user;
$_SESSION['Email_Address'] = $email;
$_SESSION['LoggedIn'] = 1;
$conn->close();
header( 'location: home.php?username='.$user.'&email='.$email );
} else {
$conn->close();
$errors[]='<h1>Error</h1>';
$errors[]='<p>Sorry, your account could not be found. Please try again.</p>';
}
} else {
/* There was some sort of error, display results below form */
$conn->close();
$errors[]='<h1>Error</h1>';
$errors[]='<p>Sorry, your account could not be found. Please try again.</p>';
}
}
?>
<!doctype html>
<html>
<head>
<title>Member login</title>
<style>
form{
width:50%;
float:none;
margin:1rem auto;
}
label{
display:block;
width:80%;
float:none;
clear:both;
margin:1rem auto;
box-sizing:content-box;
padding:1rem;
}
label:before{
display:inline-block;
clear:none;
float:left;
width:20%;
content:attr(for)": ";
}
label > input{
clear:none;
float:left;
display:block;
}
</style>
</head>
<body>
<form method="post" name="loginform" enctype='application/x-www-form-urlencoded'>
<h1>Member Login</h1>
<p>Please either login below, or <a href="register2.php">click here to register</a>.</p>
<fieldset>
<label for="Username"><input type="text" name="username" id="username" /></label>
<label for="Password"><input type="password" name="password" id="password" /></label>
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['username'], $_POST['password'] ) ){
if( !empty( $errors ) ) echo implode( PHP_EOL, $errors );
}
?>
</form>
</body>
</html>
会员登录
形式{
宽度:50%;
浮动:无;
保证金:1rem自动;
}
标签{
显示:块;
宽度:80%;
浮动:无;
明确:两者皆有;
保证金:1rem自动;
框大小:内容框;
填充:1rem;
}
标签:之前{
显示:内联块;
明确:无;
浮动:左;
宽度:20%;
内容:attr(for)“:”;
}
标签>输入{
明确:无;
浮动:左;
显示:块;
}
会员登录
请在下面登录,或
您不应该使用mysql_*函数,也不应该使用md5()作为密码。我们已经解决了这个问题,你如何拯救那些用户?你确定你在将密码存储到数据库中时以相同的方式对密码进行编码吗?从管理员那里回显你的查询,如echo SELECT*,其中Username=“$Username.”和Password=“$Password.”“die
,然后运行文件并复制查询,并在mysql中检查相同的内容…..让我知道。我强烈建议阅读”“。请显示您的数据库md5密码和您的登录md5密码。”password@Andrius我使用md5是因为它只是我作业的基本加密。我想是的,因为我已经将$password与$password的md5进行了比较。谢谢,我意识到我需要将我的密码与数据库中的哈希密码进行比较。