用户身份验证,无法识别西里尔字符

时间:2012-06-28 18:58:54

标签: php

我在使用西里尔字符在登录系统中插入用户名和密码时遇到问题。

密码被解码为SHA1,当我创建一个带有西里尔字符的用户时,它对我不起作用!

你能告诉我是否需要插入一些特别的东西吗?

代码:

<?php
define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg ='';
if(isset($username, $password)) {
ob_start();
include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($dbC, $myusername);
$mypassword = mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT * FROM login_subadmin WHERE user_name='$myusername' and user_pass=SHA1('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("myusername");
session_register("mypassword");

header("location:index.php");
}
else {
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
ob_end_flush();
}
else {
header("location:login.php?msg=Please enter some username and password");
}
?>

谢谢!

1 个答案:

答案 0 :(得分:0)

确保将数据库和代码+标头设置为以UTF-8格式处理页面。它必须是整个页面上的同一个字符集。你也可以使用PHP的哈希函数用于SHA1。

示例代码:

<?php
$myUsername=mysqli_real_escape_string($_POST['username']);
$password=$_POST['password'];
$msg="";

if(isset($username, $password))
{
    ob_start();
    include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection

    $password=sha1($password);
    $result=mysqli_query("SELECT * FROM `login_subadmin` WHERE user_name='$myUsername' AND `user_pass`='$password'", $sql);

    // Mysql_num_row is counting table row
    $count=mysqli_num_rows($result);
}
?>

请记住,使用mysqli_real_escape_string()时哈希可能会得到不同的结果;在密码哈希中。如果你已经哈希:ed密码,只需在散列之前转义密码。