密码加密就好了。但解密很奇怪。它没有给我破译的密码。
这里是解密结果/输出:http://prntscr.com/91q0rv
表格结构:http://prntscr.com/91qgcs
现在,我要发布所有相关代码。但是为了节省一些时间,请密切关注login_db.php,问题来自哪里。
db.php中
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "db_bank";
$db = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die ("couldn't select any database");
mysql_select_db($mysql_database, $db) or die ("couldn't select any database");
mysql_query("set character_set_server='utf8'");
mysql_query("set names 'utf8'");
$key = 'Dr. Imran';
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
register_db.php
include('db.php');
$fname=$_POST['fname'];
$username=$_POST['username'];
$password = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $_POST['password'], MCRYPT_MODE_CBC, $iv);
$password = base64_encode($password);
echo $password.'<br>';
$email=$_POST['email'];
$phone=$_POST['phone'];
$country=$_POST['country'];
$age=$_POST['age'];
$gender=$_POST['gender'];
$check="SELECT * FROM customers WHERE Username='$username'";
$results=mysql_query($check);
$check2="SELECT * FROM customers WHERE Email='$email'";
$results2=mysql_query($check2);
if(mysql_num_rows($results) == 0)
{ $check='true'; }
else
{ header("location: register.php?username=false"); }
if(mysql_num_rows($results2) == 0)
{ $check2='true'; }
else
{
if($check!='true')
{ header("location: register.php?username=false&email=false"); }
else
{ header("location: register.php?email=false"); }
}
if($check=='true' && $check2='true')
{
for($i=0; $i<1; $i++)
{
$id=rand(2000,3000);
$check3="SELECT * FROM customers WHERE ID='$id'";
$results3=mysql_query($check3);
if(mysql_num_rows($results3) > 0)
{ $i=-1; }
else
{
mysql_query("INSERT INTO customers (Fname, Username, Password, Email, Phone, Country, Age, Gender, ID) VALUES ('$fname', '$username', '$password','$email', '$phone', '$country', '$age', '$gender', '$id')");
header("location: login.php?register=success");
}
}
}
mysql_close($db);
login_db.php
session_start();
include('db.php');
$username = $_POST['UserOrEmail'];
$email = $_POST['UserOrEmail'];
$password = $_POST['password'];
$qry="SELECT * FROM customers WHERE (username='$username' OR email='$email')";
$results=mysql_query($qry);
if(mysql_num_rows($results) > 0)
{
$rows = mysql_fetch_assoc($results);
//Here is where the problem coming from
$check = base64_decode($rows['Password']);
$check = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $check, MCRYPT_MODE_CBC, $iv);
if($password == $check)
{
$_SESSION['username'] = $rows['Username'];
header("location: index.php");
}
}
else { die("Login failed"); }
我希望这可以帮助您找出问题
答案 0 :(得分:1)
每次db.php加载时,您都会生成一个新的$iv。您也应该存储它,以便使用相同的加密和解密。