加密的注册和登录密码出错了

时间:2014-04-10 17:22:50

标签: php mysql login passwords encryption

我有一个注册脚本:

function NewUser() 
{ 
        $fullname = $_POST['name']; 
        $userName = $_POST['user']; 
        $email = $_POST['email']; 
        $password = $_POST['pass'];
        $confirm_password = $_POST['cpass'];
        $salt = 'a salt(not in my real script)';
        $password = crypt($password, $salt);
        $query = "INSERT INTO WebsiteUsers (fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')"; 
        $data = mysql_query ($query)or die(mysql_error()); 
        if($data) 
        { 
        echo "YOUR REGISTRATION IS COMPLETED..."; 
        } 
    } 

哪种方法效果很好,它会存储包含加密密码的所有内容。 我还有一个支票登录代码:

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT pass FROM $tbl_name WHERE userName='$myusername' ";
$result = mysql_query($sql); 

if (crypt($user_input, $password) == $password){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

这段代码中出现了一些错误,阻塞了我的login_success.php,它会说错误的用户名或密码,我知道这是我的密码加密错误。有人可以帮我调试这段代码,这样它就会以正确的方式看到加密的密码。因为我正在测试网站登录,但它不起作用,因为(我认为)它无法正确看到加密密码。(抱歉我的英文不好)

1 个答案:

答案 0 :(得分:0)

使用身份验证系统创建网站的更好方法是使用已内置的development framework

一个很好的例子是Laravel,它有一个非常强大的authentication platform,您可以直接使用它。