Question

我为我的网站创建了注册/登录系统。它加密/加密密码。问题是，要进入我的网站，我必须输入加密密码而不是我注册的实际密码。

Resgister.php

    <?php
include 'header inc.php';
$error = "";
if (@$_POST['register']) {
 $firstname = strip_tags($_POST['firstname']);
 $lastname = strip_tags($_POST['lastname']);
 $username = strip_tags($_POST['username']);
 $email = strip_tags($_POST['email']);
 $password1 = strip_tags($_POST['password']);
 $password2 = strip_tags($_POST['passwordrepeat']);

 $day = strip_tags($_POST['day']);
 $month = strip_tags($_POST['month']);
 $year = strip_tags($_POST['year']);
 $dob = "$day/$month/$year";

 if ($firstname == '') {
  echo "Firstname cannot be left empty.";
 }
 else if ($lastname == '') {
  echo "Lastname cannot be left empty.";
 }
 else if ($username == '') {
  echo  "Username cannot be left empty.";
 }
 else if ($email == '') {
  echo  "Email cannot be left empty.";
 }
 else if ($password1 == '') {
  echo  "Password cannot be left empty.";
 }
 else if ($password2 == '') {
  echo "Repeat Password cannot be left empty.";
 }
 else if ($day == '') {
  echo "The day you were born cannot be left empty.";
 }
 else if ($month == '') {
  echo "The month you were born cannot be left empty.";
 }
 else if ($year == '') {
  echo "The year you were born cannot be left empty.";
 }
 else {
 //Check the username doesn't already exist
 $check_username = mysql_query("SELECT username FROM users WHERE username='$username'");
 $numrows_username = mysql_num_rows($check_username);
 if ($numrows_username != 0) {
  echo 'That username has already been registered.';
 }
 else
 {
  $check_email = mysql_query("SELECT email FROM users WHERE email='$email'");
 $numrows_email = mysql_num_rows($check_email);
 if ($numrows_email != 0) {
  $error = 'That email has already been registered.';
 }
 else
 {
   $salt1 = "francis";
   $salt1 = md5($salt1);
   $salt2 = "cookie";
   $salt2 = md5($salt2);
   $salt3 = "php";
   $salt3 = md5($salt3);
   $password1 = $salt1.$password1.$salt3;
   $password1 = md5($password1.$salt2);
   $password2 = $salt1.$password2.$salt3;
   $password2 = md5($password2.$salt2);
 if ($password1 != $password2) {
 $error = 'The passwords don\'t match!';
 }
 else
 {
 //Register the user
 $register = mysql_query("INSERT INTO users VALUES('','$firstname','$lastname','$username','$email','$password1','$dob','no')");
 die('Regsitered successfully!');
 }
 }
 }
}
}
?>
<html>
<head></head>
<body>

<h2 style="color:#848484;">Create Your Account</h2>
<form action='join.php' method='POST'>
<input type='text' name='firstname'  onclick='value="" ' id='username1'/><p />
<input type='text' name='lastname'  onclick='value=""'id='username1'/><p />
<input type='text' name='username'onclick='value=""'id='username1'/><p />
<input type='text' name='email' onclick='value=""'id='username1'/><p />
<input type='text' name='password' onclick='value=""'id='username1'/><p />
<input type='text' name='passwordrepeat' onclick='value=""'id='username1'/><p />
<input type='text' name='day' value='' size='3' maxlength='2' onclick='value=""'id='username1'/>
<input type='text' name='month' value='' size='6' maxlength='2' onclick='value=""'id='username1'/>
<input type='text' name='year' value='' size='4' maxlength='4' onclick='value=""'id='username1'/><p />

<input type='submit' name='register' value='Create Your Account'id='submit1' />
<?php echo $error; ?>
</form>
<img src="StayConnected.jpg" id="sc" name="Post" >

Login.php

    <?php
include ( 'header inc.php' );
if (isset($_POST['username'])&&($_POST['password'])) {
  $username = strip_tags($_POST['username']);
  $password = strip_tags($_POST['password']);
 $check_username = mysql_query("SELECT username FROM users WHERE username='$username'");
 $numrows = mysql_num_rows($check_username);
 if ($numrows != 1) {
  echo 'That User doesn\'t exist.';
 }
 else
 {
  $check_password = mysql_query("SELECT password FROM users WHERE password='$password' && username='$username'");
  while ($row = mysql_fetch_assoc($check_password)) {
   $password_db = $row['password'];

   if ($password_db == $password) {
     $_SESSION['username'] = $username;
    header("Location: template.php");
   }
  }
 }
}

?>



<h2 style="color:#848484;">&nbsp&nbsp&nbsp&nbspLogin to Your Account</h2>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<form action='login.php' method='POST'>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='text' name='username'  id="username1"/><p />
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='text' name='password' id="username1"/><p />

&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='submit' name='submit' value='Login to my Account' id="submit1" />
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>

<img src="StayConnected.jpg" id="sc" >

PHP / MYSQL登录错误？

0 个答案: