Question

我设置了signup.php，密码为md5加密，当我在phpmyadmin检查它时它工作正常，但是当我将md5应用于login.php它不符合密码？它说总是错误的密码可能是语法，但无法弄清楚......

signup.php

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "")
        $error = "Not all fields were entered<br /><br />";
    else
    {
        if (mysql_num_rows(queryMysql("SELECT * FROM members
              WHERE user='$user'")))
            $error = "That username already exists<br /><br />";
        else
          {
            queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");
            die("<h4>Account created</h4>Please Log in.<br /><br />");
        }
    }
}

的login.php

if(isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
    $error = "Not all fields were entered<br />";
    } else {
        $query = "SELECT user,pass FROM members WHERE user = '$user' AND pass = \'\".md5('$pass').\"\'";

        if(mysql_num_rows(queryMysql($query)) == 0) {
            $error = "<span class='error'>Username/Password invalid</span><br /><br />";
        } else {
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='society.php?view=$user'>" . 
                "click here</a> to continue.<br /><br />");
            }
        }
    }

Answer 1

我认为有缺陷的部分来自

md5('$pass')

queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");

因为你有一个未插入的字符串 - 尝试使用：

queryMysql("INSERT INTO members VALUES('$user', '".md5($pass)."')");

md5密码不匹配

1 个答案: