<?php
if(isset($_POST['login'])) {
$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('db') or die("cannot select DB");
$pass = $_POST['pass'];
$user = $_POST['user'];
$encryptedpass = hash('whirlpool', $pass);
$query=mysql_query("SELECT * FROM players WHERE user='".$user."' AND pass='".$encryptedpass."'");
$numrows=mysql_num_rows($query);
echo("$encryptedpass");
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['user'];
$dbpassword=$row['pass'];
}
if($user == $dbusername && $encryptedpass == $dbpassword)
{
echo("logged in");
session_start();
$_SESSION['sess_user']=$user;
header("Location: settings.php");
} else
echo "Invalid username or password!";
}
}
?>
散列回声按预期工作,即使用户&amp;传递是正确的它说invald密码....帮助会很棒!
编辑:多奇怪......当我输入错误的密码时,无效的密码回显不显示...多么奇怪答案 0 :(得分:-1)
不确定错误是什么,但以下(基本相同)工作正常。 确保你的帖子值实际上正在传递,并且添加或死(mysql_error())将告诉你你的sql中是否有任何错误。
此外,您应该转义字符串(如果不使用预准备语句)
if(isset($_POST['login'])) {
/* Do connection */
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$encrypted = hash('whirlpool', $pass);
$q = mysql_query("SELECT id FROM players WHERE user = '".$user."' AND pass = '".$encrypted."'",$server)or die(mysql_error());
if(mysql_num_rows($q)>0) {
/* Login approved */
$row = mysql_fetch_array($q);
print $row['id'];
}else{
/* Could not login */
}
}