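OK, so I have been following a basic tutorial on hashing passwords, so I am new to this...
Registration works fine and populates my database, but when logging in it doesn't recognize my user. I have tested this by creating a fail.php file, so when it doesn't recognize the user it sends them there. What I'm looking for is a pointer to find out how to get the user logged in and start a session, but obviously there is a hurdle preventing that.
Login action script: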
<?
session_start(); //must call session_start before using any $_SESSION variables
$username = $_POST['username'];
$password = $_POST['password'];
include 'connect.php';
$username = mysql_real_escape_string($username);
$query = "SELECT password, salt
FROM users
WHERE username = '$username';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{
    header('Location: fail.php');
    die();
}
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
if($hash != $userData['password']) //incorrect password
{
    header('Location: login_form.php');
    die();
}
else
{
    validateUser(); //sets the session data for this user
}
?>
Login form:
<form name="login" action="login.php" method="post">
Username: <input type="text" name="username" />
Password: <input type="password" name="password" />
<input type="submit" value="Login" />
</form>
Registration script, if needed:
<?php
//retrieve our data from POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($pass1 != $pass2)
    header('Location: register_form.php');
if(strlen($username) > 30)
    header('Location: register_form.php');
$hash = hash('sha256', $pass1);
//creates a 3 character sequence
function createSalt()
{
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
$dbhost = 'localhost';
$dbname = '******';
$dbuser = '******';
$dbpass = '******'; //not really
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);
//sanitize username
$username = mysql_real_escape_string($username);
$query = "INSERT INTO users ( username, password, salt )
VALUES ( '$username' , '$hash' , '$salt' );";
mysql_query($query);
mysql_close();
header('Location: login_form.php');
?>
Here is the page they are logged in to:
<?php
session_start();
//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: login.php');
    die();
}
?>
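
Added example, not part of the original question and not the asker's code: the same register-then-login round trip written with PHP's built-in `password_hash()` / `password_verify()` and PDO prepared statements, in place of a hand-rolled salt, a single SHA-256 round and the `mysql_*` functions (removed in PHP 7). The `users` table and `username` / `password` columns follow the post; the in-memory SQLite database (requires the `pdo_sqlite` extension), the function names `registerUser` / `checkLogin` and the sample credentials are assumptions made so the script runs on its own.

```php
<?php
// Constructed, self-contained demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// password_hash() stores algorithm, cost and salt inside its output string,
// so no separate salt column is needed. 255 characters leaves room for the full string.
$pdo->exec('CREATE TABLE users (
    username VARCHAR(30) PRIMARY KEY,
    password VARCHAR(255) NOT NULL
)');

// Hypothetical helper: returns true when the account was created.
function registerUser(PDO $pdo, $username, $pass1, $pass2)
{
    // Stop on invalid input instead of continuing to the INSERT.
    if ($pass1 !== $pass2 || $username === '' || strlen($username) > 30) {
        return false;
    }
    $hash = password_hash($pass1, PASSWORD_DEFAULT); // random salt generated internally
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    return $stmt->execute([$username, $hash]);
}

// Hypothetical helper: returns true only for a known user with the right password.
function checkLogin(PDO $pdo, $username, $password)
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    // Re-derives the hash using the salt embedded in $stored, compares in constant time.
    return password_verify($password, $stored);
}

// Constructed sample credentials.
registerUser($pdo, 'alice', 'correct horse battery staple', 'correct horse battery staple');

var_dump(checkLogin($pdo, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($pdo, 'alice', 'wrong password'));
var_dump(checkLogin($pdo, 'bob', 'anything'));

// In a web request, a successful check would be followed by
// session_regenerate_id(true) before writing the user into $_SESSION.
```

The three `var_dump` calls cover the correct password, a wrong password and an unknown user, which are the three branches the login script in the question distinguishes.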