我已经研究了一段时间,甚至得到了我的托管公司的帮助,但我通过我的网站遇到了我的PHP代码和我的数据库的问题。虽然我的代码确实哈希了我输入的密码,当我尝试使用常规字密码时,它出现错误。但是如果我复制并粘贴哈希密码,它就可以了。
<?php
/* NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($email, $pass, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New User</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '') {
echo '<div style="padding:4px; border:1px soluser_id red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>Update User Info <br><br><br><br><br>Email: *</strong>
<input type="text" name="email" value="<?php echo $email; ?>" /><br/>
<strong>Password: *</strong> <input type="password" name="pass" value="<?php echo $pass; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit"> <br><br>Back to <a href="index2.html">home</a>?</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit'])) {
// get form data, making sure it is valuser_id
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$pass = mysql_real_escape_string(htmlspecialchars($_POST['pass']));
// check to make sure both fields are entered
if ($email == '' || $pass == '') {
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($email, $pass, $error);
} else {
// save the data to the database
mysql_query("INSERT users SET email='$email', pass=MD5('$pass')")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
} else {
// if the form hasn't been submitted, display the form
renderForm('','','');
}
?>
正如你所看到的那样,当我把它输入数据库时它会对它进行哈希处理,但是当我尝试按照最初拼写的方式使用密码时,它会告诉我这是错误的。
答案 0 :(得分:-5)
我会在PHP端进行MD5哈希处理。在进入数据库之前打印它,并尝试将其与登录表单上给出的输入进行比较。
在这种情况下也不需要htmlspecialchars
。因为逃脱是好的。如果它包含奇怪的字符,它会将它们与数据库匹配。
还要确保在两个页面上都设置了您的编码类型,并确保它们相同。
答案 1 :(得分:-5)
如果没有在登录表单中看到您的SELECT查询,我会问您在选择它时是否对MD5进行哈希处理?
mysql_query("SELECT * FROM users WHERE email='$email' AND pass=MD5('$pass')")
or die(mysql_error());
但是,我同意您不应该使用MD5进行密码散列。查看http://php.net/manual/en/function.password-hash.php