我有一个注册页面,它对密码进行哈希处理并将其存储在 MySQL 中。我在登录时遇到问题,PHP 无法识别用户名和密码。我已经搜索了答案,并尝试实现许多示例,但都没有奏效。下面是代码:
?php
session_start();
if(isset($_POST['insert'])){
// username and password sent from form
$hostname = "localhost";
$username = "root";
$password = "Passw0rk1";
$databaseName = "change_management";
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$user = $_POST['user'];
$passcode = $_POST['passcode'];
$sql = "SELECT * FROM admin WHERE username = '$user' and passcode ='".md5($passcode)."'";
$result = mysqli_query($connect,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result match $myusername and $mypassword, table row must be 1 row
if($count ==0) {
echo "Invalid Credentials";
}else {
我知道我输入的凭据存在于 SQL 中,但我在屏幕上收到“无效凭据”回显。
如果这里有问题,这里是注册页面:
?php
if(isset($_POST['insert']))
{
$hostname = "localhost";
$username = "root";
$password = "Passw0rk1";
$databaseName = "change_management";
$user = $_POST['user'];
$passcode = $_POST['passcode'];
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$sql = "INSERT INTO `admin` (`username`, `passcode`) VALUES('$user', '".md5('$passcode')."')";
$result = mysqli_query($connect,$sql);
if($result)
{
echo "Added successfully";
}
else{
echo $connect->error;
}
}
?>
最佳答案
您的代码不安全考虑使用 php 的 password_hash()和 password_verify()功能和prepared statements !
也许改变这一行。
$sql = "SELECT * FROM admin WHERE username = '$user' and passcode ='".md5('passcode')."'";
到
$sql = "SELECT * FROM admin WHERE username = '" . $user . "' and passcode ='".md5($passcode)."'";
在您的注册页面中该行
$sql = "INSERT INTO `admin` (`username`, `passcode`) VALUES('$user', '".md5('$passcode')."')";
应该是
$sql = "INSERT INTO `admin` (`username`, `passcode`) VALUES('" . $user . "', '".md5($passcode)."')";
但是 md5 并不安全,您应该考虑使用评论中所说的 password_hash。
关于PHP - 使用 MD5 和 MySQL 验证密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42416113/