Login password keeps failing: PHP, PDO, Salt

Time: 2017-04-03 02:07:08

Tags: php pdo login

<?php
require_once "pdo.php";
session_start();

// Redirect to index.php if user clicks cancel button
if ( isset($_POST['cancel'] ) ) {
    header("Location: index.php");
    return;
}

// salt and hash
$salt = 'XyZzy12*_';

// Check to see if we have some POST data, if we do process it
if ( isset($_POST['email']) && isset($_POST['pass']) ) {

    // Check for email and password
    if ( strlen($_POST['email']) < 1 || strlen($_POST['pass']) < 1 ) {
        //$failure = "Email and password are required";
        $_SESSION['error'] = "Email and password are required";
        header("Location: login.php");
        return;

    // Check for at-sign in email
    } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $_SESSION['error'] = "Email must have an at-sign (@)";
        header("Location: login.php");
        return;

    } else {

        //All looks good, so redirect to index.php
        $check = hash('md5', $salt.$_POST['pass']);
        if ( $check == true) {
            $_SESSION['name'] = $_POST['email'];
            error_log("Login success ".$_POST['email']);
            header("Location: index.php");
            return;
        } else {
            //Else redirect to the login page
            $_SESSION['error'] = "Incorrect Password";
            error_log("Login fail ".$_POST['email']." $check");
            header("Location: login.php");
            return;

        }
    }
}

?>

<!DOCTYPE html>
<html>
<head>
    <?php require_once "bootstrap.php"; ?>
    <title>Login</title>
</head>
<body>
    <div class="container">

        <br /><br />

        <?php

        // Message View of Errors
        if ( isset($_SESSION['error']) ) {
            echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
            unset($_SESSION['error']);
        }

        ?>

        <h1>Please Log In</h1>

        <form method="POST">
            <label for="name">Email</label>
            <input type="text" name="email" id="name"><br/>
            <label for="id_1723">Password</label>
            <input type="password" name="pass" id="id_1723"><br/>
            <input type="submit" onclick="return doValidate();" value="Log In">
            <input type="submit" name="cancel" value="Cancel">
        </form>

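Hi everyone, I'm learning PHP in class, and I've been struggling to understand what this code actually does. We were asked to remove the $stored_hash that used to exist in the login.php file. Currently, we only have $salt (line 12).

With this change, line 34 confuses me. When I change $stored_hash to $salt, I can't get my login to work. It always says 'Incorrect Password', and I don't even know where that comes from.

Can anyone help explain line 12 and line 34? I just want the password to match the salt so the user can log in. Thanks for bearing with a newbie like me, thank you.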
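
An added example, not part of the original post or the course's code: it runs the check from line 34 next to a comparison against a stored salted hash and next to PHP's `password_hash()` / `password_verify()`. The salt is the one from the post; the sample password and the function names `check_as_posted` and `check_against_stored` are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. The salt is the value from the post;
// the sample password and helper names are constructed for illustration.
$salt = 'XyZzy12*_';

// Stands in for the $stored_hash the class removed: the salted MD5 of the
// correct password, computed once when the account was created.
$stored_hash = hash('md5', $salt . 'constructed-sample-pass');

// Line 34 as posted: hash() returns a non-empty 32-character hex string,
// which PHP treats as true, so this check passes for every password.
function check_as_posted(string $salt, string $pass): bool {
    $check = hash('md5', $salt . $pass);
    return $check == true;
}

// Same scheme with a real comparison: recompute the salted hash from the
// submitted password and compare it to the stored hash in constant time.
// Comparing $check to $salt itself can never match, because the salt is an
// input to the hash, not its output.
function check_against_stored(string $salt, string $pass, string $stored): bool {
    return hash_equals($stored, hash('md5', $salt . $pass));
}

// Hardened form: password_hash() generates a per-user salt and uses a slow
// algorithm; password_verify() does the comparison.
$modern_hash = password_hash('constructed-sample-pass', PASSWORD_DEFAULT);

foreach (['constructed-sample-pass', 'wrong-guess'] as $attempt) {
    printf(
        "%-24s posted=%s stored=%s password_verify=%s\n",
        $attempt,
        var_export(check_as_posted($salt, $attempt), true),
        var_export(check_against_stored($salt, $attempt, $stored_hash), true),
        var_export(password_verify($attempt, $modern_hash), true)
    );
}
```

A single fixed salt with MD5 is fast to brute-force if the stored hashes leak, which is why the last column uses the built-in password API.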

0 answers:

No answers