尝试获取连接SQL数据库并进行身份验证的代码。
它一直返回“无效的用户名/密码组合”。
以下是代码:
<?php
require_once 'login.php';
$connection = new mysqli( $hn, $un,$pw, $db);
if ($connection->connect_error) die($connection->connect_error);
if (isset($_SERVER['PHP_AUTH_USER']) &&
isset($_SERVER['PHP_AUTH_PW'])) {
$un_temp= sanitize($_SERVER['PHP_AUTH_USER']);
$pw_temp= sanitize($_SERVER['PHP_AUTH_PW']);
$query = "SELECT * FROM users WHERE username='$un_temp'";
$result = $connection->query($query);
if (!$result) die($connection->error);
else{
$row = $result->fetch_array(MYSQLI_NUM);
$salt1 = "qm&h*";
$salt2 = "pg!@";
$token = hash('ripemd128', "$salt1$pw_temp$salt2");
if ($token == $row[3]) echo "$row[0] $row[1] :
Hi $row[0], you are now logged in as '$row[2]'";
else die("Invalid username/password combination");
}
} else {
header('WWW-Authenticate: Basic realm="Restricted Section"');
header('HTTP/1.0 401 Unauthorized');
die ("Please enter your username and password");
}
$connection->close();
function sanitize($var) {
$value = stripslashes($var);
$value = strip_tags($var);
$value = htmlentities($var);
return $value;
}
?>