所以我试图用sha1哈希密码制作这个php脚本,但是登录/注册表单无法继续并且不会写入数据库。帮助小伙伴们)
我发布了4个文件,你可以看到所有内容。
config.php(删除了我的sql登录名/密码)
<?php
mysql_connect('my_host_name', 'my_username', 'my_password') or trigger_error("Unable to connect to the database: " . mysql_error());
mysql_select_db('my_database') or trigger_error("Unable to switch to the database: " . mysql_error());
require_once('functions.php');
$_SESSION['error'] = "Error";
$sOutput="";
?>
的functions.php
<?php
function createAccount($pUsername, $pPassword) {
if (!empty($pUsername) && !empty($pPassword)) {
$uLen = strlen($pUsername);
$pLen = strlen($pPassword);
$eUsername = mysql_real_escape_string($pUsername);
$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($uLen <= 4 || $uLen >= 11) {
$_SESSION['error'] = "Login must be more than 4 or less than 11 symbols";
}elseif ($pLen < 6) {
$_SESSION['error'] = "Password 6 symb.";
}elseif (mysql_num_rows($query) == 1) {
$_SESSION['error'] = "This login already exists.";
}else {
$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . $pPassword) . "');";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($query) {
return true;
}
}
}
return false;
}
$pPassword == sha1($pPassword);
function loggedIn() {
if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
return true;
}
return false;
}
function logoutUser() {
unset($_SESSION['username']);
unset($_SESSION['loggedin']);
return true;
}
function validateUser($pUsername, $pPassword) {
$sql = "SELECT username FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . $pPassword . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
的login.php
<?php
session_start();
require('config.php');
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'login':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (!validateUser($_POST['username'], $_POST['password'])) {
$_SESSION['error'] = "Wrong field.";
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "To login.";
unset($_GET['action']);
}
break;
case 'logout':
if (loggedIn()) {
logoutUser();
$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
header('Location: login.php');
}else {
unset($_GET['action']);
}
break;
}
}
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
$sOutput .= '<h1>Logged In!</h1><br /><br />
Hello, ' . $_SESSION["username"] . ' how are you today?<br /><br />
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
header('Location: ../../os/desktop');
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '
<div id="cent">
<table width="400" height="420">
<tr>
<td id="tops"> Go live </td>
</tr>
<tr>
<td id="bots"><div align="center"><div id="logs">
<div align="center">
<div id="login-form">
</br><div id="shows">' . $sError . '</div></br>
<form name="login" method="post" action="login.php?action=login" id="login">
<div id="shows">Login</div>
<input id="zero" type="text" name="username" value="' . $sUsername . '" /><br /></br>
<div id="shows">Password</div>
<input id="zero" type="password" name="password" value="" /><br /><br />
<input id="klac" type="submit" name="submit" value="Go in" onClick="clicksound.playclip()" onmouseover="mouseoversound.playclip()"/>
</form>
</div>
</div></div></div>
</td>
</tr>
</table>
</div>
';
}
$sOutput .= '</div>';
echo $sOutput;
?>
register.php
<?php
session_start();
require('config.php');
$sOutput .= '<div id="register-body">';
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'register':
if (isset($_POST['username']) && isset($_POST['password'])) {
if (createAccount($_POST['username'], $_POST['password'])) {
$sOutput .= '<h1>Account Created</h1><br />Your account has been created.
You can now login <a href="login.php">here</a>.';
header('Location: login.php');
}else {
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Wrong login/password";
unset($_GET['action']);
}
break;
}
}
if (loggedIn()) {
$sOutput .= '<h2>Already Registered</h2>
You have already registered and are currently logged in as: ' . $_SESSION['username'] . '.
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
}elseif (!isset($_GET['action'])) {
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '
<div id="cent">
<div align="center">
<table width="355">
<tr><td>
<img src="logo.png" width="355" height="42">
<div id="showl">Register form</div>
</br><div id="shows">' . $sError . '</div></br>
<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
<div id="shows">Login</div>
<input id="zero" type="text" name="username" value="' . $sUsername . '" /><br />
<div id="shows">Password</div>
<input id="zero" type="password" name="password" value="" /><br /><br />
<input id="klac" type="submit" name="submit" value="Register" />
<img src="spacer.png" width="350" height="8">
<a href="login.php"><div id="klac"> or log in! </div></a>
</form>
<br />
</td></tr>
</table>
</div>
</div>
';
}
$sOutput .= '</div>';
echo $sOutput;
?>