Php 密码与md5不匹配
您好,我是PHP新手,我正在尝试为用户创建一个简单的登录和注册功能。用户注册后,其详细信息将添加到数据库中,以便登录。但是现在,即使他的用户名和密码是正确的,它也不会登录 这是我的代码:Php 密码与md5不匹配,php,login,Php,Login,您好,我是PHP新手,我正在尝试为用户创建一个简单的登录和注册功能。用户注册后,其详细信息将添加到数据库中,以便登录。但是现在,即使他的用户名和密码是正确的,它也不会登录 这是我的代码: <?php if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM admin WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$email = $row['Email_Address'];
$_SESSION['Username'] = $username;
$_SESSION['Email_Address'] = $email;
$_SESSION['LoggedIn'] = 1;
echo "<h1>Success</h1>";
echo "<p>We are now redirecting you to the member area.</p>";
echo "<meta http-equiv='refresh' content='=2;index2.php' />";
header("Location: Home.php");
}
else
{
echo "<h1>Error {$password}</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"index2.php\">click here to try again</a>.</p>";
}
}
else
{?>
<h1>Member Login</h1>
<p>Please either login below, or <a href="register2.php">click here to register</a>.</p>
<form method="post" action="index2.php" name="loginform" id="loginform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>
<?php }?>
正如在一篇评论中所指出的,您真的应该使用mysqli或PDO~ mysqlsql注入mysqlimd5$prehashed=true<?php
session_start();
$errors=array();
$prehashed=false;
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['username'], $_POST['password'] ) ){
/* Your db connection settings: change as appropriate */
$host = 'localhost';
$uname = 'xxx';
$pwd = 'xxx';
$db = 'xxx';
/* create mysqli object */
$conn = new mysqli( $host, $uname, $pwd, $db );
/* Create and prepare the sql */
$sql = 'select `username`,`email` from `admin` where `username`=? and `password`=?';
$stmt = $conn->prepare( $sql );
/* Bind the placeholders to the desired fields */
$stmt->bind_param( 'ss', $username, $password );
/* Populate the variables with POST data - with some minor filtering */
$username = trim( strip_tags( filter_input( INPUT_POST, 'username', FILTER_SANITIZE_STRING ) ) );
$password = trim( strip_tags( filter_input( INPUT_POST, 'password', FILTER_SANITIZE_STRING ) ) );
/* Pre-hased MD5 password? */
if( $prehashed ) $password = md5( $password );
/* Execute the query */
$result = $stmt->execute();
$stmt->bind_result( $user, $email );
/* If there is a match, set session vars and redirect */
if( $result ){
/* Get the records */
$stmt->fetch();
/* success? */
if( isset( $user, $email ) ){
$_SESSION['Username'] = $user;
$_SESSION['Email_Address'] = $email;
$_SESSION['LoggedIn'] = 1;
$conn->close();
header( 'location: home.php?username='.$user.'&email='.$email );
} else {
$conn->close();
$errors[]='<h1>Error</h1>';
$errors[]='<p>Sorry, your account could not be found. Please try again.</p>';
}
} else {
/* There was some sort of error, display results below form */
$conn->close();
$errors[]='<h1>Error</h1>';
$errors[]='<p>Sorry, your account could not be found. Please try again.</p>';
}
}
?>
<!doctype html>
<html>
<head>
<title>Member login</title>
<style>
form{
width:50%;
float:none;
margin:1rem auto;
}
label{
display:block;
width:80%;
float:none;
clear:both;
margin:1rem auto;
box-sizing:content-box;
padding:1rem;
}
label:before{
display:inline-block;
clear:none;
float:left;
width:20%;
content:attr(for)": ";
}
label > input{
clear:none;
float:left;
display:block;
}
</style>
</head>
<body>
<form method="post" name="loginform" enctype='application/x-www-form-urlencoded'>
<h1>Member Login</h1>
<p>Please either login below, or <a href="register2.php">click here to register</a>.</p>
<fieldset>
<label for="Username"><input type="text" name="username" id="username" /></label>
<label for="Password"><input type="password" name="password" id="password" /></label>
<input type="submit" name="login" id="login" value="Login" />
</fieldset>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['username'], $_POST['password'] ) ){
if( !empty( $errors ) ) echo implode( PHP_EOL, $errors );
}
?>
</form>
</body>
</html>
会员登录
形式{
宽度:50%;
浮动:无;
保证金:1rem自动;
}
标签{
显示:块;
宽度:80%;
浮动:无;
明确:两者皆有;
保证金:1rem自动;
框大小:内容框;
填充:1rem;
}
标签:之前{
显示:内联块;
明确:无;
浮动:左;
宽度:20%;
内容:attr(for)“:”;
}
标签>输入{
明确:无;
浮动:左;
显示:块;
}
会员登录
请在下面登录,或
echo SELECT*,其中Username=“$Username.”和Password=“$Password.”“die