无法使用PHP和MYSQL使用数据库选择(验证)数据

时间:2014-10-22 15:36:25

标签: php mysql

帮助我,我可以将电子邮件和密码插入数据库表,但是当我再次登录时无法验证数据(直接显示错误"我们无法使用电子邮件和密码&#34)

<?php
session_start();

$link = mysqli_connect("localhost","","",""); 
$email = $_POST['email'];
$password = md5($_POST['password']);


if ($_POST['submit']=="Sign Up") {


    if (!$_POST['email']) $error.="<br />Please enter your email";
       else if (!filter_var ($_POST['email'],FILTER_VALIDATE_EMAIL)) $error.="<br />Please enter a valid email address";
    if (!$_POST['password']) $error.="<br />Please enter your password";
    else
     {
         if (strlen($_POST['password'])<8) $error.="<br />Please enter your password atleast 8 characters long";
         if (!preg_match('`[A-Z]`', $_POST['password'])) $error.= "<br />Please include atleast on capital letter";


     }
     if($error) echo " There were some error in signup details:".$error; 

     else {

                   $query = "SELECT * FROM `users` WHERE email = '".mysqli_real_escape_string($link,$_POST['email'])."'";

                    $result= mysqli_query($link, $query);
                    echo $results = mysqli_num_rows($result);
                    if($results) echo "that email is already registered . Do you want to login ?";
                    else {

                        $query="INSERT INTO `users` (`email`, `password`) VALUES('$email', '$password')"; 


                    mysqli_query($link,$query);
                    echo "you've been siggned up";

                    $_SESSION['id']=mysqli_insert_id($link);
                    print_r($_SESSION);

                    //redirect to logged in Page 


                    }
     }

}

if ($_POST['submit']=="Log In") {



 $query = "SELECT * FROM `users` WHERE email = '".mysqli_real_escape_string($link,$_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail']).$_POST['loginpassword'])."' LIMIT 1";

$result = mysqli_query($link,$query);

$row = mysqli_fetch_array($result);



if($row) {
      $_SESSION['id']= $row['id'];

//redirect to logged in page

} else {
    echo "we could not log you in with email and password";
    }
    }

?>
<form method="post">
<input type="text" name="email" id="email" value="<?php echo addslashes($_POST['email']) ?>"/>
<input type="password" name="password" value="<?php echo addslashes($_POST['password'])?>" />
<input type="submit" name="submit" value="Sign Up" />
</form>

<form method="post">
<input type="text" name="loginemail" id="loginemail" value="<?php echo addslashes($_POST['email']) ?>"/>
<input type="password" name="loginpassword" value="<?php echo addslashes($_POST['password'])?>" />
<input type="submit" name="submit" value="Log In" />
</form>

1 个答案:

答案 0 :(得分:1)

您正在存储未经过哈希处理的密码。

 "INSERT INTO `users` (`email`, `password`) VALUES('$email', '$password')"

然后选择密码哈希的行。

 "SELECT * FROM `users` WHERE email = '".mysqli_real_escape_string($link,$_POST['loginemail'])."' AND password='".md5(md5($_POST['loginemail']).$_POST['loginpassword'])."' LIMIT 1"
相关问题
最新问题