这是我第一次使用Mysqli。所以我可能犯了一些错误。好吧,我已成功插入所有数据用于注册目的,包括密码哈希到Mysql数据库。
//for password
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
$pass = hash('sha512', $password . $random_salt);
好吧,当我使用以下代码登录时,它显示我的自定义错误消息"电子邮件地址或密码不正确"
<?php
ob_start();
session_start();
require_once("includes/config.php");
$email = inputvalid($_POST['email']);
$password = inputvalid($_POST['password']);
//$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
//$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
//$pass = hash('sha512', $password.$random_salt);
$salt = mysqli_query($mysqli, "SELECT salt FROM members WHERE email = '$email'");
$res = mysqli_fetch_array($salt, MYSQLI_NUM);
$salt = $res['salt'];
$password2 = hash('sha512', $password.$salt);
$check = mysqli_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
$num = mysqli_num_rows($check);
$isActive = mysqli_query($mysqli, "SELECT is_active FROM members WHERE email = '$email' ");
$res = mysqli_fetch_array($isActive, MYSQLI_NUM);
$isActive = $res['is_active'];
$msg = array();
$msg['error'] = false;
if(empty($email) && empty($password)){
$msg[] = "Both field require";
$msg['error'] = true;
}
elseif($num == 0){
$msg[] = "Email address or password is not correct";
$msg['error'] = true;
echo mysql_error();
}elseif($isActive == 0) {
$msg[] = "Sorry, you account has not been activated.";
$msg['error'] = true;
}
if($msg['error'] === false)
{
//Begin form success functionality
$_SESSION['email'] = $email;
$_SESSION['password'] = $password2;
if(isset($_SESSION['email']) && isset($_SESSION['password']))
{
$msg[] = '<br/><font color="b9c025">Successfully login.</font><br/><br/>';
}
else
{
$msg[] = "Session not registererd";
$msg[] = "The reasone is " . mysql_error();
}
//update database...
$date = date("d-m-y h:m:s");
$update = mysqli_query($mysqli, "UPDATE members SET last_visit_dt = '$date', pageviews = pageviews + 1 WHERE email = '$email'");
}
$another = "close";
echo json_encode($msg);
?>
任何人都可以帮助我吗?
更新:
function inputvalid($para){
return mysqli_real_escape_string(htmlspecialchars(trim($para)));
}
答案 0 :(得分:1)
尝试类似的东西:
更换
$check = mysqli_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
$num = mysqli_num_rows($check);
通过
$check = mysqli_real_query($mysqli, "SELECT email, password FROM members WHERE email='$email' AND password = '$password2' ");
$result = mysqli_store_result($mysqli);
$num = $result->num_rows;
mysqli_free_result($result);