关于密码加密的一点解释。我没有得到这个的概念,所以我只是快速创建了一个简单的注册和登录脚本,以便当你看一看并修改它以便我能得到这个概念时,它可以更好地解释我在寻找什么。
registration.php
<?php
require("conf.php");
$username = $_POST['username'];
$password = $_POST['password'];
$telphone = $_POST['tel'];
$email = $_POST['email'];
// Here its where am lost, i wish to encrypt the password
// Be able to indicate user against their password on login
// Why refreshing the page is producing different encrypted password
// If anything will be needed to be added/removed or suggested don't hesitate to do so
$hash = crypt($password);
$sql = "INSERT INTO USERS
(username, password, telphone, email)
VALUES
('$username', '$hash', '$telphone', '$email')";
if (!mysqli_query($connection,$sql)){
die('Error: ' . mysqli_error($connection));
exit;
}
echo ("registration successful, please wait");
$url="login.php";
header("Refresh: 5; URL=$url");
?>
在下面的脚本中应包含/删除哪些内容,以便我们可以登录用户?
的login.php
<?php
$password = $_POST['password'];
$username = $_POST['username'];
require("conf.php");
$sql= mysqli_query($connection, "SELECT *
FROM USERS
WHERE
username='$username'
AND
password='$password'
LIMIT 0, 1");
$anymatches=mysqli_num_rows($sql);
if ($anymatches == 0){
echo ("Please Enter Collect Details");
exit;
}
while($row = mysqli_fetch_array($sql)){
$username = $row[username];
$id = $row[id];
}
echo ("you have successfully login as $username, please wait we are redirecting");
$url="index.php?name=$username&id=$id";
header("Refresh: 5; URL=$url");
exit;
?>
答案 0 :(得分:0)
$hash = crypt($password);
然后在你的登录查询中使用$ hash而不是$ password,例如
WHERE
username='$username'
AND
password='$hash'