我正在使用自己的登录脚本,而且我很蠢,所以我无法理解这一点。我甚至复制了另一个脚本,它仍然无效。我真的不明白什么是错的,但它不断返回“用户名和密码不正确!”即使我输入确切的信息。我甚至设置它,以便它在登录时甚至没有哈希密码,我必须输入密码表单的哈希,它没有返回任何错误,但没有登录我。
<?php
include('session.php');
// Get the strings ready for checking
$username = prepare($_POST['username']); // Get the entered name
$password = prepare($_POST['password']); // Get the entered password
$usernamereal = getuserdata($username, 'username'); // Get the real name so the salt works
$salt = hash("sha256", $usernamereal.$password); // salted password
// Attempt to login
$query = query("SELECT * FROM users WHERE username='$username' AND password='".hash("sha256", $usernamereal.$password)."'");
if(mysqli_num_rows($query) == 1){ // The attempt is successful!
$_SESSION['username'] == getuserdata($username, 'username');
query("UPDATE users SET token = ".gentoken()." WHERE username = '".$_SESSION['username']."'");
if($_POST['rememberme']){
setcookie("username", $_SESSION['username'], time()+COOKIE_EXPIRE, COOKIE_LOC);
setcookie("hash", getdata(hash), time()+COOKIE_EXPIRE, COOKIE_LOC);
}
header('Location: index.php');
exit;
}else{ // Something went wrong when the user entered their details
$_SESSION['login_error'] = "Wrong username or password!";
$_SESSION['attempt_name'] == $username;
header('Location: index.php');
}
?>
注意:query(),prepare(),getdata()和getuserdata()是预定义的字符串。我试过了
<?php die(mysqli_num_rows($query)); ?>
......然后又返回一个空白屏幕。
这里发生了什么?我甚至将它们转换为测试(== 0)并且它给出了相同的结果。
答案 0 :(得分:0)
我终于明白了!我的密码列设置为20.我忘了将其更改为64.糟糕。