PHP md5密码不等于数据库md5密码
[英]PHP md5 password not equal to database md5 password
问题描述
So, I'm having this issue with my login script where the MD5 password stored in my MySQL database is decrypted and it will check if the password is equal to the one entered. 
因此,我的登录脚本遇到了这个问题,其中存储在我的MySQL数据库中的MD5密码被解密,它将检查该密码是否等于输入的密码。
My code is as follows: 我的代码如下:
if(isset($_POST['btn-login']))
{
$email = mysqli_real_escape_string($_POST['email']);
$upass = mysqli_real_escape_string($_POST['pass']);
$md5_pass = md5($upass);
$res = mysqli_query($con, "SELECT * FROM users WHERE email='$email'");
$row = mysqli_fetch_array($res, MYSQLI_ASSOC);
if($row['password'] == $md5_pass)
{
$_SESSION['user'] = $row['user_id'];
header("Location: profile.php");
}
else
{ ?>
<script>alert("Wrong details entered!");</script>
<?php
}
}
2 个解决方案
解决方案1
1 2015-06-24 11:27:25
Both the md5() will be same. 两者的md5()将相同。 You must check your column datatype and number of characters limit. 您必须检查列数据类型和字符数限制。
Check whether your database is having encrypted value. 检查您的数据库是否具有加密值。 Because you are comparing it with md5() value. 因为您正在将其与md5()值进行比较。
解决方案2
1 2015-06-24 11:35:16
Don't escape before performing md5 on the query. 在查询上执行md5之前不要逃脱。
Ankii's reply can also solve the issue if you have a varchar which is too small. 如果您的varchar太小,Ankii的回复也可以解决问题。
Also, use a better hashing system (sha512?). 另外,请使用更好的哈希系统(sha512?)。 Also, use salt. 另外,使用盐。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.