[英]How to compare entered password in input login field with the md5 password stored in database?
UPDATE(已解決):以前我將密碼長度設置為15個字符,由於密碼已加密為md5,因此密碼長度應為32個字符。 現在工作正常。 感謝您的所有答案和建議。
下面是注冊php代碼。 該代碼可以正常工作,並且能夠在md5的數據庫中存儲密碼。
<html>
<?php
error_reporting(0);
if($_POST['submit'])
{
$name = mysql_real_escape_string($_POST['name']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password1 = mysql_real_escape_string($_POST['password1']);
$enc_password = md5($password);
if($name && $username && $password && $password1)
{
if(strlen($name)<30)
{
if(strlen($username)<10)
{
if(strlen($password)<15 || strlen($password)>6)
{
if($password == $password1)
{
require "dbc.php";
$query = mysql_query("INSERT INTO users VALUES ('$name','$username','$enc_password')");
echo "Registration Complete! <a href='index.php'>Click here to login</a>";
}
else
{
echo "Passwords must match";
}
}
else
{
echo "Your password must be between 6 and 15 characters";
}
}
else
{
echo "Your username is too long";
}
}
else
{
echo "Your name is too long";
}
}
else
{
echo "All fields are required";
}
}
?>
<form action="register.php" method="POST">
Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>
Password: <input type="password" name="password"> Max length:15<p>
Re-Enter Password: <input type="password" name="password1"><p>
<input type="submit" name="submit" value="Register">
</form>
<input type="button" value="<< Back to Login Area" onclick="window.location='../login%20and%20registration/members.php'">
</html>
以下是登錄php代碼。
<?php
session_start();
require "dbc.php";
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$enc_password = md5($password);
if($username&&$password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow!=0)
{
while($row = mysql_fetch_assoc($query))
{
$db_username = $row['username'];
$db_password = $row['password'];
}
if($username==$db_username&&$password==$db_password)
{
//echo "Logged in <a href='members.php'>Click here to enter the members area</a>";
$_SESSION['username']=$db_username;
header("location: members.php");
}
else
{
header("location: index.php?error=Incorrect Password");
}
}
else
{
header("location: index.php?error=That user doesn't exist");
}
}
else
{
header("location: index.php?error=All fields are required");
}
?>
問題是當我嘗試登錄時,我一直得到“錯誤密碼”。我認為從數據庫中檢索密碼有些問題。 有人可以幫忙嗎?
您需要$enc_password
使用$enc_password
而不是$password
:
if($username==$db_username&&$password==$db_password)
PS另外,如果您使用md5,則不要執行mysql_real_escape_string()
, md5
將更改您的字符串,並且所有注入將被刪除。
PPS使用PDO代替mysql_*
更新
此外,用戶名必須不區分大小寫,因此更好:
if(strcasecmp($username, $db_username)===0 && $password==$db_password)
更改
if($username==$db_username&&$password==$db_password)
至
if($username == $db_username && $enc_password == $db_password)
您正在使用$password
但應為$enc_password
您將$ password與$ db_password進行比較,而將$ enc_password與$ db_password進行比較。
if($username==$db_username&&$enc_password==$db_password)
在您的情況下,您應該像這樣比較
$password = md5($password);//change value entered of password to md5
if($username==$db_username&&$password==$db_password)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.