试图创建一个登录和注册PHP系统

时间:2016-04-04 16:14:20

标签: php mysqli

我尝试使用PHP创建登录和注册系统 注册系统工作但检查db中的现有值不能用于创建登录。

这是我的数据库

+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
|Member_ID | int(11)     | NO   | PRI | None    | auto_increment |
|FirstName |char(20)     | NO   |     | None    |                |
|LastName  |char(20)     | NO   |     | None    |                |
|Email     |varchar(50)  | NO   |     | None    |                |
|User_Password |char(20) | NO   |     | None    |                |
+----------+-------------+------+-----+---------+----------------+

以下代码是我的注册并且有效

<?php
require_once 'Database_conx.php';


$get_first_name = $_POST["Firstnamebox"];
$get_last_name  = $_POST["Lastnamebox" ];
$get_password   = md5($_POST["passwordbox" ]);
$get_email      = $_POST["emailaddbox" ];

$firstname = trim($get_first_name);
$lastname  = trim($get_last_name);
$passcode  = trim($get_password);
$email     = trim($get_email);

$processvalue = "Insert INTO Registration ( FirstName, LastName, User_Password,Email )
              VALUES ('$firstname' ,'$lastname', '$passcode' ,'$email'   )";


if (mysqli_query($conn, $processvalue)) {

echo 'Sucess in submiting data in db ';

} else {
   echo "error in testing :" .mysqli_error($conn);
}  

mysqli_close($conn)

 ?>

以下代码用于检查db

中是否存在值 
 <?php
    require_once 'Database_conx.php';

     if(isset($_POST['loginbtn'])){
       $db =  mysqli_select_db($conn, 'Star5_db');


    $email = $_POST["loginemailbox"];
    $password = $_POST["loginpasswordbox"];

    $e = trim($email);
    $p = trim($password);

    $pc = mysqli_query($db, "SELECT * FROM Registration WHERE Email = $e AND User_Password = $p");


  if (empty($e)){ 
      echo " oops you're missing your email";

  }

     if(empty($p)){
        echo "<br>Please type in your password </br>";
     } 

  if($pc)
  {
      echo " <br> $e. is found in the database :)</br>";
  } 
  elseif (empty ($e)) {
    echo '   ';

} 
elseif (!filter_var($e,FILTER_VALIDATE_EMAIL) === TRUE) {
    echo ("<br>$e is not a valid email<br>");
}

else
  {
      echo " <br> $e. not found in db </br>" .  mysqli_error();
  }  

  mysqli_close($pc); 

}

      }
  ?>

任何人都可以告诉我我做错了什么

2 个答案:

答案 0 :(得分:0)

您正在数据库中存储(不良)哈希密码,但是当您尝试登录时,您正在搜索未哈希的纯文本匹配。

您需要对用户提交的密码进行哈希处理,并将结果与​​数据库中的任何内容进行比较。

答案 1 :(得分:0)

Try this:

if ($pc==1) {
  echo " <br> $e. is found in the database :)</br>";
}
相关问题
最新问题