php - 使用 md5() 对密码进行散列并将其存储到数据库后，无法再次登录

Question

我之前建立了一个登录和注册系统，运行良好。当我使用md5()哈希输入密码并将其存储到数据库后，它无法再登录了。所以大家请看我的代码，这样我就可以知道出了什么问题..这是我的代码..

注册.php

include ('config.php');

$errors=array();   

if ($_SERVER["REQUEST_METHOD"] == "POST"){
  $username=htmlentities($_POST['username']);
  $password=htmlentities($_POST['password']);
  $email=htmlentities($_POST['email']);
  $cpassword=htmlentities($_POST['cpassword']);
    //not empty
    //at least 3 characters long
    //username and password cannot be same

    //start the validation

    //check the username
    if(empty($_POST['username'])){
        $errors['username1'] = "Required fields";
    }

    else if (strlen($username)<6 ) {
        $errors['username2'] = "Username should at least 6 characters long";
    }

    else if (!preg_match('/^[a-z\d_]{3,20}$/i', $username)) {
        $errors['username3'] = "Username should contain letters and numbers only.";
    }

    //check the password
    if (empty($_POST['password'])){
        $errors['password1'] ="Required fields";
    }
    else if (strlen($password) <8) {
        $errors['password2'] ="Password should at least 8 characters long";
    }

    else if(!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,20}$/', $password)){
        $errors['password3'] ="Password should contain at least 1 upper-case,1 lower-case,numbers ";
    }

    //check the password confirmation
    if(empty($cpassword)) {
        $errors["cpassword2"] = "Must confirm your password to proceed";
    }

    if($password != $cpassword){
        $errors['cpassword1']="Password do not match";
    }

    //check whether username or password is same
    if($username == $password){
        $errors['sameuserpass'] ="Username and password cannot be same";
    }


    //check the email
    if (empty($_POST['email'])){
        $errors['email1'] = "Required fields";
    }

    else if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
        $errors['email3'] ="Please enter a vaild email address";
    }

    //check the errors
    if(count($errors) == 0){

    $query=mysqli_query($con,"SELECT * FROM user WHERE Username='$username'");
    $query1=mysqli_query($con,"SELECT*FROM user WHERE Email='$email'");
       if(mysqli_num_rows($query) > 0) {
           $errors['userexist'] ="Username already exists";
       } 

       else if(mysqli_num_rows($query1) > 0){
           $errors['emailexist'] = "Email already already exists";
       }

       else {
            //HASHING THE PASSWORD
           $password = md5($password);

            $queryinsert= "INSERT INTO user(Username,Password,Email) VALUES ('$username','$password','$email')";
            mysqli_query($con,$queryinsert);

            header("Location:login.php");
       }

    }
}

登录.php

<?php
include('config.php');

    session_start();

    $errors=array();

 if ($_SERVER["REQUEST_METHOD"] == "POST"){

    $email = htmlentities($_POST['email']);
    $password = htmlentities(md5($_POST['password']));

    if($email&&$password){

        //declare variable

        $query = mysqli_query($con,"SELECT * FROM user WHERE Email='$email' ");
        $numrows = mysqli_num_rows($query);

        //when user correct input,check the data 
        if($numrows !== 0) {
            while($row=mysqli_fetch_assoc($query)){
                $dbemail=$row['Email'];
                $dbpassword=$row['Password'];
            }


            if($dbemail === $email&&$dbpassword === $password)
            {
                $_SESSION['email']="$email";
                header('Location:user.html');
                exit;
            }

            else
            {
                $errors['notcorrect'] = "Email or password not correct";
            }
        } 
        //when insert wrong data
        else{
            $errors['notexists'] = "This email doesn't exists";
        }
    }
    //when user didnt enter anything
    else{
        $errors['nothing'] = "Please enter your email and password";
    }
}

?>

我成功地将散列的密码存储到数据库中，但问题是尽管电子邮件地址和密码正确，但无法再次登录。有什么想法吗？

Answer 1

注册.php

include ('config.php');

$errors=array();   

if ($_SERVER["REQUEST_METHOD"] == "POST"){
$username=mysqli_real_escape_string($con,$_POST['username']);
$password=mysqli_real_escape_string($con,$_POST['password']);
$email=mysqli_real_escape_string($con,$_POST['email']);
$cpassword=mysqli_real_escape_string($con,$_POST['cpassword']);
//not empty
//at least 3 characters long
//username and password cannot be same

//start the validation

//check the username
if(empty($_POST['username'])){
    $errors['username1'] = "Required fields";
}

else if (strlen($username)<6 ) {
    $errors['username2'] = "Username should at least 6 characters long";
}

else if (!preg_match('/^[a-z\d_]{3,20}$/i', $username)) {
    $errors['username3'] = "Username should contain letters and numbers only.";
}

//check the password
if (empty($_POST['password'])){
    $errors['password1'] ="Required fields";
}
else if (strlen($password) <8) {
    $errors['password2'] ="Password should at least 8 characters long";
}

else if(!preg_match('/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,20}$/', $password)){
    $errors['password3'] ="Password should contain at least 1 upper-case,1 lower-case,numbers ";
}

//check the password confirmation
if(empty($cpassword)) {
    $errors["cpassword2"] = "Must confirm your password to proceed";
}

if($password != $cpassword){
    $errors['cpassword1']="Password do not match";
}

//check whether username or password is same
if($username == $password){
    $errors['sameuserpass'] ="Username and password cannot be same";
}


//check the email
if (empty($_POST['email'])){
    $errors['email1'] = "Required fields";
}

else if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
    $errors['email3'] ="Please enter a vaild email address";
}

//check the errors
if(count($errors) == 0){

$query=mysqli_query($con,"SELECT * FROM user WHERE Username='$username'");
$query1=mysqli_query($con,"SELECT*FROM user WHERE Email='$email'");
   if(mysqli_num_rows($query) > 0) {
       $errors['userexist'] ="Username already exists";
   } 

   else if(mysqli_num_rows($query1) > 0){
       $errors['emailexist'] = "Email already already exists";
   }

   else {
        //HASHING THE PASSWORD
       $password = md5($password);

        $queryinsert= "INSERT INTO user(Username,Password,Email) VALUES ('$username','$password','$email')";
        mysqli_query($con,$queryinsert);

        header("Location:login.php");
   }

}
}

登录.php

include('config.php');

session_start();

$errors=array();

if ($_SERVER["REQUEST_METHOD"] == "POST"){

$email = mysqli_real_escape_string($con,$_POST['email']);
$password = mysqli_real_escape_string($con,$_POST['password']);
$password  = md5($password);
if($email&&$password){

    //declare variable

    $query = mysqli_query($con,"SELECT * FROM user WHERE Email='$email' ");
    $numrows = mysqli_num_rows($query);

    //when user correct input,check the data 
    if($numrows != 0) {
        while($row=mysqli_fetch_assoc($query)){
            $dbemail=$row['Email'];
            $dbpassword=$row['Password'];
        }


        if($dbemail == $email && $dbpassword == $password)
        {
            $_SESSION['email']="$email";
            header('Location:user.html');
            exit;
        }

        else
        {
            $errors['notcorrect'] = "Email or password not correct";
        }
    } 
    //when insert wrong data
    else{
        $errors['notexists'] = "This email doesn't exists";
    }
}
//when user didnt enter anything
else{
    $errors['nothing'] = "Please enter your email and password";
}
}