我有一个注册脚本:
function NewUser()
{
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['pass'];
$confirm_password = $_POST['cpass'];
$salt = 'a salt(not in my real script)';
$password = crypt($password, $salt);
$query = "INSERT INTO WebsiteUsers (fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')";
$data = mysql_query ($query)or die(mysql_error());
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
哪种方法效果很好,它会存储包含加密密码的所有内容。 我还有一个支票登录代码:
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT pass FROM $tbl_name WHERE userName='$myusername' ";
$result = mysql_query($sql);
if (crypt($user_input, $password) == $password){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
这段代码中出现了一些错误,阻塞了我的login_success.php,它会说错误的用户名或密码,我知道这是我的密码加密错误。有人可以帮我调试这段代码,这样它就会以正确的方式看到加密的密码。因为我正在测试网站登录,但它不起作用,因为(我认为)它无法正确看到加密密码。(抱歉我的英文不好)
答案 0 :(得分:0)
使用身份验证系统创建网站的更好方法是使用已内置的development framework。
一个很好的例子是Laravel,它有一个非常强大的authentication platform,您可以直接使用它。