有谁知道如何更改下面的登录脚本以使用PDO功能?
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database here
$username = mysql_real_escape_string($username);
$query = "SELECT password, salt
FROM users
WHERE username = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{
header('Location: login_form.php');
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password
{
header('Location: login_form.php');
}
$_SESSION['logged_in'] = true;
我目前使用下面的脚本,但它使用md5,上面的脚本使用散列密码和盐。正如您所看到的,上面的脚本不使用PDO功能,因此每次都会收到错误消息。
if (isset($_POST['username'], $_POST['password'])) {
$username = $_POST['username'];
$password = md5($_POST['password']);
if (empty($username) or empty($password)) {
$error = 'Who the hell are you?';
}else {
$query =$pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password = ?");
$query->bindvalue(1, $username);
$query->bindvalue(2, $password);
$query->execute();
$num = $query->rowCOUNT();
if ($num == 1) {
$_SESSION['logged_in'] = true;
header('Location: index2.php');
exit();
} else {
$error = 'Wrong wrong wrong!';
}
}}
非常感谢任何帮助,谢谢!