UPDATE(已解决):以前我将密码长度设置为15个字符,因为密码被加密为md5,所以它应该是32个字符。现在它工作正常。感谢所有的答案和建议。
下面是注册php代码。代码工作正常,能够在md5中将密码存储在数据库中。
<html>
<?php
error_reporting(0);
if($_POST['submit'])
{
$name = mysql_real_escape_string($_POST['name']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password1 = mysql_real_escape_string($_POST['password1']);
$enc_password = md5($password);
if($name && $username && $password && $password1)
{
if(strlen($name)<30)
{
if(strlen($username)<10)
{
if(strlen($password)<15 || strlen($password)>6)
{
if($password == $password1)
{
require "dbc.php";
$query = mysql_query("INSERT INTO users VALUES ('$name','$username','$enc_password')");
echo "Registration Complete! <a href='index.php'>Click here to login</a>";
}
else
{
echo "Passwords must match";
}
}
else
{
echo "Your password must be between 6 and 15 characters";
}
}
else
{
echo "Your username is too long";
}
}
else
{
echo "Your name is too long";
}
}
else
{
echo "All fields are required";
}
}
?>
<form action="register.php" method="POST">
Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>
Password: <input type="password" name="password"> Max length:15<p>
Re-Enter Password: <input type="password" name="password1"><p>
<input type="submit" name="submit" value="Register">
</form>
<input type="button" value="<< Back to Login Area" onclick="window.location='../login%20and%20registration/members.php'">
</html>
以下是登录php代码。
<?php
session_start();
require "dbc.php";
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$enc_password = md5($password);
if($username&&$password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow!=0)
{
while($row = mysql_fetch_assoc($query))
{
$db_username = $row['username'];
$db_password = $row['password'];
}
if($username==$db_username&&$password==$db_password)
{
//echo "Logged in <a href='members.php'>Click here to enter the members area</a>";
$_SESSION['username']=$db_username;
header("location: members.php");
}
else
{
header("location: index.php?error=Incorrect Password");
}
}
else
{
header("location: index.php?error=That user doesn't exist");
}
}
else
{
header("location: index.php?error=All fields are required");
}
?>
问题是当我尝试登录时,我一直收到“密码不正确”。我认为从数据库中检索密码是件事。有人可以帮忙吗?
答案 0 :(得分:3)
您需要在行中使用$enc_password代替$password:
if($username==$db_username&&$password==$db_password)
P.S。此外,如果您使用md5,则不要执行mysql_real_escape_string(),md5将更改您的字符串,并且所有注入都将被删除。
P.P.S。使用PDO代替mysql_*
<强>更新
此外,用户名必须不区分大小写,以便做得更好:
if(strcasecmp($username, $db_username)===0 && $password==$db_password)
答案 1 :(得分:0)
变化
if($username==$db_username&&$password==$db_password)
到
if($username == $db_username && $enc_password == $db_password)
您使用的是$password,但应该是$enc_password
答案 2 :(得分:0)
你要将$ password与$ db_password进行比较,而你应该将$ enc_password与$ db_password进行比较。
if($username==$db_username&&$enc_password==$db_password)
答案 3 :(得分:0)
在你的情况下,你应该像这样比较
$password = md5($password);//change value entered of password to md5
if($username==$db_username&&$password==$db_password)