php - 如何将我插入的密码与 php 中的 md5 哈希进行比较

Question

我在简单的登录程序中工作，我输入我的密码并通过 MD5 哈希加密。但现在当我必须登录时，我不能去扔那个。我无法将我的登录密码与数据库中的 md5 哈希进行比较。

这就是我所做的，我把我在评论中使用的 md5。

<?php


if(isset($_SESSION['userid']) && isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout')
{
    //We log him out by deleting the username and userid sessions
    unset($_SESSION['username'], $_SESSION['userid'], $_SESSION['name']);

    $flagLogoutMessage = true;

}
// Login Form Check here
$ousername = '';
//We check if the form has been sent
if(isset($_POST['username'], $_POST['pwd']))
{
    //We remove slashes depending on the configuration
    if(get_magic_quotes_gpc())
    {
        $ousername = stripslashes($_POST['username']);
        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = stripslashes($_POST['pwd']);
        //$password = MD5($password);
    }
    else
    {
        $username = mysqli_real_escape_string($conn, $_POST['username']);
        $password = $_POST['pwd'];
        //$password = MD5($password);

    }
    //We get the password of the user
    $req = mysqli_query($conn, 'select pwd,rec_id from user_master where username="'.$username.'" AND u_status="Y"');
    $dn = mysqli_fetch_array($req);
    //We compare the submited password and the real one, and we check if the user exists
    if($dn['pwd']==$password and mysqli_num_rows($req)>0)
    {
        //If the password is good, we dont show the form
        $form = false;
        //We save the user name in the session username and the user Id in the session userid
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['userid'] = $dn['rec_id'];

        $select_name = mysqli_query($conn, 'select f_name,l_name from user_master where rec_id="'.$dn['rec_id'].'"');
        $dn = mysqli_fetch_array($select_name);
        if(mysqli_num_rows($select_name)>0)
        {
            $_SESSION['name'] = $dn['f_name']." ".$dn['l_name'];
            // $_SESSION['last_name'] = $dn['last_name'];
        }


        $flagLoginMessage = true;

    }
    else
    {
        //Otherwise, we say the password is incorrect.
        $form = true;
        $message = 'The username or password is incorrect or Your account is blocked by Admin';
    }
}
else
{
    $form = true;
}





?>

Answer 1

Maybe can use SQL

$password = md5($_POST['pwd']);
$req = mysqli_query($conn, 'select pwd,rec_id from user_master where username="'.$username.'" and pwd="'.$password.'" AND u_status="Y"');
if(mysqli_num_rows($req)>0)
{
echo "login OK";
}
else
{
echo "The username or password is incorrect";
}