在PHP进入数据库之前在PHP中哈希密码,从而获得错误

时间:2016-10-18 21:49:56

标签: php mysql hash

我已经研究了一段时间,甚至得到了我的托管公司的帮助,但我通过我的网站遇到了我的PHP代码和我的数据库的问题。虽然我的代码确实哈希了我输入的密码,当我尝试使用常规字密码时,它出现错误。但是如果我复制并粘贴哈希密码,它就可以了。 

<?php
/* NEW.PHP 
    Allows user to create a new entry in the database
*/
// creates the new record form

// since this form is used multiple times in this file, I have made it a function that is easily reusable

function renderForm($email, $pass, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"        "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>New User</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>

<?php

// if there are any errors, display them
if ($error != '') {
    echo '<div style="padding:4px; border:1px soluser_id red;      color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<div>
<strong>Update User Info <br><br><br><br><br>Email:    *</strong>
<input type="text" name="email" value="<?php echo $email; ?>" /><br/>
<strong>Password: *</strong> <input type="password" name="pass" value="<?php echo $pass; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit"> <br><br>Back to <a    href="index2.html">home</a>?</div>
</form>
</body>
</html>
<?php
}

// connect to the database
include('connect-db.php');

// check if the form has been submitted. If it has, start to process the form and save it to the database

if (isset($_POST['submit'])) {
    // get form data, making sure it is valuser_id
    $email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
    $pass = mysql_real_escape_string(htmlspecialchars($_POST['pass']));
    // check to make sure both fields are entered

    if ($email == '' || $pass == '') {
        // generate error message
        $error = 'ERROR: Please fill in all required fields!';
        // if either field is blank, display the form again
        renderForm($email, $pass, $error);
    } else {

        // save the data to the database

        mysql_query("INSERT users SET email='$email', pass=MD5('$pass')")
            or die(mysql_error());
        // once saved, redirect back to the view page
        header("Location: view.php");
    }
} else {

    // if the form hasn't been submitted, display the form
    renderForm('','','');
}
?>

正如你所看到的那样,当我把它输入数据库时​​它会对它进行哈希处理,但是当我尝试按照最初拼写的方式使用密码时,它会告诉我这是错误的。

2 个答案:

答案 0 :(得分:-5)

我会在PHP端进行MD5哈希处理。在进入数据库之前打印它,并尝试将其与登录表单上给出的输入进行比较。

在这种情况下也不需要htmlspecialchars。因为逃脱是好的。如果它包含奇怪的字符,它会将它们与数据库匹配。

还要确保在两个页面上都设置了您的编码类型,并确保它们相同。

答案 1 :(得分:-5)

如果没有在登录表单中看到您的SELECT查询,我会问您在选择它时是否对MD5进行哈希处理?

mysql_query("SELECT * FROM users WHERE email='$email' AND pass=MD5('$pass')") 
or die(mysql_error());

但是,我同意您不应该使用MD5进行密码散列。查看http://php.net/manual/en/function.password-hash.php

相关问题
最新问题