好的,所以我尝试登录到我的网站,但它告诉我用户名是错误的,我之前使用MD5加盐安全密码,但现在我只使用普通的MD5,所以我删除了盐功能。现在它不让我登录?
<?php
session_start();
$Info['sqlhost'] = ".\SQLEXPRESS";
$Info['sqluser'] = "sa";
$Info['sqlpass'] = "******";
$Info['sqldb'] = "Account";
$connection = odbc_connect("Driver={SQL Server Native Client 10.0};Server=$Info[sqlhost];Database=$Info[sqldb];", $Info['sqluser'], $Info['sqlpass']);
$postData['user'] = sql_clean($_POST['user']);
$postData['pass'] = MD5(sql_clean($_POST['pass']));
$postData['page'] = $_POST['page'];
$postData['ip'] = $_SERVER['REMOTE_ADDR'];
$stmt = odbc_prepare($connection, "SELECT * FROM Account..tAccounts WHERE sUsername = ?");
$exec = odbc_execute($stmt, array($postData['user']));
if($stmt)
{
$sqlData = odbc_fetch_array($stmt);
$userData['sUsername'] = $sqlData['sUsername'];
$userData['sUserPass'] = $sqlData['sUserPass'];
$userData['sIP'] = $sqlData['sIP'];
if(odbc_num_rows($stmt) != 1)
{
header('Location: index.php?failed=1337');
exit();
}elseif (MD5($postData['pass']) == $userData['sUserPass'])
{
$_SESSION['user'] = $userData['sUsername'];
header("Location: $postData[page]");
exit();
}
else
{
header('Location: '. $postData['page'] .'?failed=1337');
exit();
}
}
else
{
die('Query Failed');
}
function sql_clean($str) {
$characters = array('^', '°', '!', '"', '²', '§', '³', '$', '%', '&', '/', '{', '(', '[', ')', ']', '=', '}', '?', '\'', '´', '`', '€', '*', '+', '~', '#', "'", '<', '>', '|', 'µ', ';');
$replace=array('', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
return str_replace($characters,$replace,$str);
}
odbc_close($connection);
?>
网址只返回?failed = 1337,没有其他事情发生。