我一直在寻找使我的安全登录系统正常工作的方法,但它永远不会有效!!
所以最后,我决定自己问...
我不知道我做错了什么!!
这是我的代码......(使用php 4):
test.php的
<?php
session_start();
include("functions.php");
if (!empty($_GET["name"])&&!empty($_GET["password"])) {
$name=$_GET["name"];
$pass=$_GET["password"];
if (login($name,$password)) {
$_SESSION["name"]=$name;
echo "success";
}
else {
echo "Username or password incorrect!";
}
}
else {
echo "Please enter your username and password!";
}
?>
register.php
<?php
session_start();
include("functions.php");
if (!empty($_GET["rname"])&&!empty($_GET["rpass"])&&!empty($_GET["rpass1"])&&!empty($_GET["rmail"])) {
$name=$_GET["rname"];
$pass=$_GET["rpass"];
$pass1=$_GET["rpass1"];
$mail=$_GET["rmail"];
if ($pass==$pass1) {
if (register($name,$pass,$mail)) {
echo "success";
}
else {
echo "Uknown error:(";
}
}
else {
echo "Two passwords don't match!!";
}
}
else {
echo "Please complete registration!!";
}
?>
的functions.php
include("db.php");
include('password.php');
function login($name,$password) {
global $mysqli;
$name=$mysqli->real_escape_string($name);
$password=$mysqli->real_escape_string(trim($password));
$query=$mysqli->query("SELECT * FROM system WHERE username = '$name' LIMIT 1");
if ($query->num_rows==0) {
return false;
}
else {
$row=mysqli_fetch_array($query,MYSQL_ASSOC);
$hash = $row['password'];
if (crypt($password, $hash) == $hash) {
return true;
}
else {
return false;
}
}
}
function register($name,$pass,$email) {
global $mysqli;
$name=$mysqli->real_escape_string($name);
$pass=$mysqli->real_escape_string(trim($pass));
$nameq="SELECT * FROM system WHERE username = '$name' LIMIT 1";
$mailq="SELECT * FROM system WHERE email = '$email' LIMIT 1";
$namechk=$mysqli->query($nameq);
$mailchk=$mysqli->query($mailq);
if ($namechk->num_rows==0&&$mailchk->num_rows==0) {
$hash = crypt($pass);
$insert=$mysqli->query("INSERT INTO system(username,password,email)VALUES('$name','$hash','$email')");
return true;
}
else {
return false;
}
}
我不知道我做错了什么!!
我还是初学者,请帮助我!!
如果您需要有关代码的更多信息,请告诉我。
感谢:)