[英]What's wrong with my login form code?
I got this code as part of my login form, but I tried and I can still login without even using a password. 我在登录表单中获得了此代码,但是尝试了一下,即使不使用密码也可以登录。 I changed everything to be case sensitive, my code seems to have no syntax errors, and I'm stumped.
我将所有内容更改为区分大小写,我的代码似乎没有语法错误,并且感到很困惑。
if ($_POST['login']) {
$query= "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail'])+$_POST['loginpassword'])."' LIMIT 1";
$result= mysqli_query($link, $query);
$row= mysqli_fetch_array($result);
if ($row) {
$_SESSION['id']= $row['id'];
header("location:mainpage.php");
} else {
$error= "We could not find any user with the submitted informations!";
}
}
kindly do the following in order to troubleshoot the above 请执行以下操作以解决上述问题
The above will most likely show the problem if not then do post the corresponding html 如果没有,上面的内容很可能会显示问题,然后发布相应的html
I see you have twice the login + password received in your query. 我发现您在查询中收到的登录名+密码是您的两倍。 Is encrypted twice is not an issue?
两次加密不是问题吗? One hash is enough.
一个哈希就足够了。 For security,
md5 ()
is not the best method, hash () is much better ( http://php.net/manual/fr/function.hash.php ). 为了安全起见,
md5 ()
并不是最好的方法,hash()更好( http://php.net/manual/fr/function.hash.php )。 Especially with sha512
for $algo
parameter. 尤其是对于
$algo
参数的sha512
。 If you mutlitplies md5
, the imprint will never be good. 如果您将
md5
了倍增,则标记永远不会是好的。 Example with md5()
: md5()
示例:
$query= "SELECT * FROM users
WHERE
email='".mysqli_real_escape_string($link, $_POST['loginemail'])."'
AND
password='".hash('md5', $_POST['loginemail']+$_POST['loginpassword'])."'
LIMIT 1";
Your not checked how many records are present in the result. 您没有检查结果中有多少条记录。 Replace your code with bellow code, will work fine.
用下面的代码替换您的代码,即可正常工作。
if ($_POST['login']) {
$query= "SELECT * FROM users WHERE email='".mysqli_real_escape_string($link, $_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail'])+$_POST['loginpassword'])."' LIMIT 1";
$result= mysqli_query($link, $query);
if ($result->num_rows==1) {
$row= mysqli_fetch_array($result);
$_SESSION['id']= $row['id'];
header("location:mainpage.php");
exit(0);//Best practice to quit the execution after done the page redirection.
} else {
$error= "We could not find any user with the submitted informations!";
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.