<?php
require_once "pdo.php";
session_start();
// Redirect to index.php if user clicks cancel button
if ( isset($_POST['cancel'] ) ) {
    header("Location: index.php");
    return;
}
// salt and hash
$salt = 'XyZzy12*_';
// Check to see if we have some POST data, if we do process it
if ( isset($_POST['email']) && isset($_POST['pass']) ) {
    // Check for email and password
    if ( strlen($_POST['email']) < 1 || strlen($_POST['pass']) < 1 ) {
        //$failure = "Email and password are required";
        $_SESSION['error'] = "Email and password are required";
        header("Location: login.php");
        return;
    // Check for at-sign in email
    } elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $_SESSION['error'] = "Email must have an at-sign (@)";
        header("Location: login.php");
        return;
    } else {
        //All looks good, so redirect to index.php
        $check = hash('md5', $salt.$_POST['pass']);
        if ( $check == true) {
            $_SESSION['name'] = $_POST['email'];
            error_log("Login success ".$_POST['email']);
            header("Location: index.php");
            return;
        } else {
            //Else redirect to the login page
            $_SESSION['error'] = "Incorrect Password";
            error_log("Login fail ".$_POST['email']." $check");
            header("Location: login.php");
            return;
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <?php require_once "bootstrap.php"; ?>
    <title>Login</title>
</head>
<body>
<div class="container">
    <br /><br />
    <?php
    // Message View of Errors
    if ( isset($_SESSION['error']) ) {
        echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
        unset($_SESSION['error']);
    }
    ?>
    <h1>Please Log In</h1>
    <form method="POST">
        <label for="name">Email</label>
        <input type="text" name="email" id="name"><br/>
        <label for="id_1723">Password</label>
        <input type="password" name="pass" id="id_1723"><br/>
        <input type="submit" onclick="return doValidate();" value="Log In">
        <input type="submit" name="cancel" value="Cancel">
    </form>
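Hi everyone, I'm learning PHP in class, and I've been struggling to understand what this code actually means. We were asked to remove the $stored_hash that used to exist in the login.php file. For now, we only have $salt (line 12).
With this change, line 34 confuses me. When I change $stored_hash to $salt, I can't get my login to work. It always says 'Incorrect password', and I don't even know where it comes from.
Can anyone help explain line 12 and line 34? I just want the password to match the salt so that users can log in. Thanks for helping a newbie like me.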
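
Added example, not part of the original post or its course material: how a salt and a stored hash relate in a check like the one above. The salted MD5 of a password is a 32-character hex digest, so it can never equal the salt itself; it has to be compared with a digest that was saved earlier. The sample password, `$storedHash` and the function name `checkSaltedMd5` are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the poster's code. Sample passwords are constructed.
declare(strict_types=1);

$salt = 'XyZzy12*_';            // salt value from the posted login.php

// Assumption: when the account was created, the application saved
// md5(salt . password). That saved digest is what a login is checked against.
$storedHash = hash('md5', $salt . 'constructed-sample-pw');

// Salted-MD5 check in the style of the posted code.
function checkSaltedMd5(string $salt, string $storedHash, string $candidate): bool
{
    $check = hash('md5', $salt . $candidate);
    // hash_equals() compares the two digests in constant time and never
    // applies the loose type juggling that == does.
    return hash_equals($storedHash, $check);
}

echo "correct password accepted: ";
var_dump(checkSaltedMd5($salt, $storedHash, 'constructed-sample-pw'));
echo "wrong password accepted:   ";
var_dump(checkSaltedMd5($salt, $storedHash, 'wrong guess'));

// Two comparisons that cannot work as a password check:
$check = hash('md5', $salt . 'wrong guess');
// 1) A non-empty digest string is always truthy, so this accepts any input.
echo "digest == true:            ";
var_dump($check == true);
// 2) The digest is 32 hex characters and the salt is 9 other characters,
//    so this rejects every input, including the right password.
echo "digest == salt:            ";
var_dump($check == $salt);

// Preferred design: password_hash() picks a random per-user salt and a slow
// algorithm, and stores both inside the returned string. No separate $salt
// variable is needed, and a fast hash such as MD5 is avoided.
$record = password_hash('constructed-sample-pw', PASSWORD_DEFAULT);
echo "password_verify, correct:  ";
var_dump(password_verify('constructed-sample-pw', $record));
echo "password_verify, wrong:    ";
var_dump(password_verify('wrong guess', $record));
```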