我有这个代码用于我的登录测试但遗憾的是,我的哈希(md5)曾经与一个记录(如果存在)相比,它与通过我的登录参数的登录数据相匹配。 (请参阅下面的代码)它总是返回$ error ="无效的用户名或密码"但当我试图删除md5哈希并使我的密码平坦(没有哈希),它的工作,据说我不想为了安全目的平放我的密码。
//check if there is post request named username and password
if (isset($_POST['username']) || isset($_POST['password'])){
//check if username and password is empty
if ($_POST['username'] === "" || $_POST['password'] === ""){
$error = "Username or password must not be empty.";
} elseif (preg_match('`^[a-zA-Z0-9_]@{1,}$`', $_POST['username'])) {
// check if username contains other than number, letters and underscore
$error = "Username must only letters, underscore and numbers!";
exit;
}else{ //not empty then check in database
//filter username and password to avoid sql injections
$username = htmlspecialchars(stripslashes($_POST['username']));
$password = htmlspecialchars(stripslashes($_POST['password']));
$password = md5($password);
$sql = "SELECT id from user WHERE username='$username' and password='$password'";
//checking if the username is available in the table
$result = mysqli_query($db,$sql);
$count_row = $result->num_rows;
if ($count_row == 1) {
$_SESSION['login'] = true;
header('location: home.php');
exit;
}else{
$error = "Invalid username or password";
} //end of else if theres no record found.
} //end of else isset username and password
}//end of isset username and password
也是这一行
} elseif (preg_match('`^[a-zA-Z0-9_]@{1,}$`', $_POST['emailusername'])) {
// check if username contains other than number, letters and underscore
echo "Username must only letters, underscore and numbers!";
exit;
也不起作用,正如您从上面的参考代码行看到的那样,它必须检查用户名是否包含数字,字母和下划线以外的内容然后如果用户名包含除数字,字母和下划线以外的其他内容则会抛出错误但它总是返回$ error ="用户名只能是字母,下划线和数字!";
任何帮助,想法,线索将不胜感激。谢谢!
答案 0 :(得分:0)
md5哈希不建议不再安全。如果您更喜欢md5哈希仍然如我在您的代码中看到的那样(在md5散列的情况下),这似乎没有问题。检查你的数据库并比较你的密码输出(md5哈希)。