注册或登录脚本无法正常工作?

时间:2016-10-15 06:53:52

标签: php mysql

我已经尝试过足以解决这个问题。我编写了一个脚本来注册并登录我的程序。 如果我插入一个小密码,但如果我插入一个像123456789这样的长密码,那么该脚本可以正常工作。 请检查我的代码并指出错误。

这是我的剧本

  <?php
  //Turn off all error reporting
  error_reporting(0);
  define("ENCRYPTION_KEY", "greatindian");
   /**
  Returns an encrypted & utf8-encoded
   */
 function encrypt($pure_string, $encryption_key) {
 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
 $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
return $encrypted_string;
}

/**
Returns decrypted original string
*/
function decrypt($encrypted_string, $encryption_key) {
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
return $decrypted_string;
  }
/*http://localhost/sgame.php?action=register&&name=mrugesh&&email=mrugesh.shah00143@gmail.com&&password=123456789&&key=nation*/
/* require the authentication as the parameter registration start here*/


if(($_GET['action'])&&($_GET['name'])&&($_GET['email'])&&($_GET['password'])&&($_GET['key'])) {

$action=$_GET['action'];
$name=$_GET['name'];
$email=$_GET['email'];
$password=$_GET['password'];
//$pass= md5($password);
$encrypted_password = encrypt($password, ENCRYPTION_KEY);
$key= $_GET['key'];
if($key=='nation'){

if($action=='register'){    

 $con = mysql_connect('localhost','root','rose') or die('Cannot connect to the DB');
 mysql_select_db('project',$con);

 /* grab the posts from the db */

 $query = mysql_query("INSERT INTO `register` (name,email,password)
 VALUES ('".$name."','".$email."', '".$encrypted_password."')");
 if($query){
       echo "Data inserted";
/*Auto genrated registration mail  */

 require_once('class.phpmailer.php');
 require 'PHPMailerAutoload.php';

 $mail = new PHPMailer();
 $mail->IsSMTP();
 $mail->SMTPAuth = true;
 $mail->SMTPSecure = 'tls';
 $mail->Host = "smtp.gmail.com";
 $mail->Port = 587;
 $mail->Username = "ramesh123@gmail.com";
 $mail->Password = "123456789";
 $mail->SetFrom( $email, 'project');
 $mail->Subject = "Welcome to project";
 //$mail->SMTPDebug = 1;
 $body= file_get_contents('email2.html');                              
 $address =$email;
 //$name=$name;
$mail->MsgHTML($body);
$mail->AddAddress($address);
if($mail->Send()) {
echo "Message sent!";
} else {
 echo "Mailer Error: " . $mail->ErrorInfo;
 }



   }

   mysql_close($con);
  //
 //$posts = array($json);
 $posts = array(1);
header('Content-type: application/json');
json_encode(array('posts'=>$posts));

 }
  }else{
  echo "You are not authorized person";
  }
  }
  /*login*/

  if(($_GET['action'])&&($_GET['email'])&&($_GET['password'])){
  $login= $_GET['action'];
  $email = $_GET['email'];
  $password = $_GET['password'];
  //$pass = md5($password);
  $encrypted_password = encrypt($password, ENCRYPTION_KEY);echo"<br>";


  /* insert this link in broweser to check the script
  http://localhost/sgame.php?action=login&&   email=mrugesh.shah00143@gmail.com&&password=123456789*/       

  if($login=='login'){
   $connect = mysqli_connect('localhost','root','rose')or die("Couldn't connect to database!");
   mysqli_select_db($connect,'project') or die ("Couldn't find database");

    $query = mysqli_query($connect,"SELECT * FROM register WHERE email ='$email' ");
   $numrows=mysqli_num_rows($query);
   if($numrows!==0)
   {
    while($row = mysqli_fetch_assoc($query))
   {

      $dbpassword = $row['password'];
      $dbemail =    $row['email'];
   }




        if($dbpassword==$encrypted_password&&$dbemail==$email){

            $Return['status'] = 'true';
            $Return['message'] = "you are successfully logged in";




        }else{
            $Return['status'] = 'false';
            $Return['message']= " Please enter valid email and password";

         }


        header('Content-type: application/json');
        echo  json_encode($Return);


                    }                     

                  }
                }       

                 /*login ends here*/    
                ?>

1 个答案:

答案 0 :(得分:0)

我无法让您的代码加密并匹配输入的登录密码和保存的加密密码。修改后的代码,这似乎工作正常。我只专注于密码匹配,因此模拟数据库访问和登录只需设置2个字符串(无论如何你从数据库中提取的内容)也通过在此阶段不比较电子邮件来简化事情。首先获取密码然后您可以开始添加其他变量,如电子邮件等。

<?php
define("ENCRYPTION_KEY", "greatindian");
function encrypt($pure_string, $encryption_key) {
 $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
 $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
return $encrypted_string;
}
$registered_password = '12345678901234567890';
$encrypted_password = encrypt($registered_password, ENCRYPTION_KEY);
echo $encrypted_password.'<br>';
//store in database
//compare with login
$login_password='12345678901234567890';

if(encrypt($login_password, ENCRYPTION_KEY)==$encrypted_password){
    echo 'match';
}
else {echo 'no match';
}
?>
相关问题
最新问题