我正在使用下面的代码,它检查空字段并验证电子邮件,但即使密码正确,它也不会登录。密码已插入md5保护,下面是代码。
PHP:
session_start();
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM accounts WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: home.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['email'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM accounts WHERE email = '".$_POST['email']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
//gives error if the password is wrong
if ($_POST['password'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['password'], $hour);
//then redirect them to the members area
header("Location: home.php");
}
}
}
else
{
// if they are not logged in
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>email:</td><td>
<input type="text" name="email" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
}
以下是注册码:
PHP:
// here we encrypt the password and add slashes if needed
$_POST['password'] = md5($_POST['password']);
if (!get_magic_quotes_gpc()) {
$_POST['password'] = mysql_escape_string($_POST['password']);
$_POST['email'] = mysql_escape_string($_POST['email']);
$_POST['full_name'] = mysql_escape_string($_POST['full_name']);
$_POST['user_url'] = mysql_escape_string($_POST['user_url']);
}
// now we insert it into the database
$insert = "INSERT INTO accounts (Uniquer, Full_name, Email, Password, User_url)
VALUES ('".$uniquer."','".$_POST['full_name']."', '".$_POST['email']."','".$_POST['password']."', '".$_POST['user_url']."')";
$add_member = mysql_query($insert);
使用ini_set函数后我得看错误,我收到此消息但不确定含义:
There are the lines where the errors are at:
if ($pass != $info['password'])
和这一行
if ($_POST['password'] != $info['password']) {
答案 0 :(得分:1)
我可以看到的一件事是你在发布的密码(非md5版本)上使用stripslashes,但在md5版本上使用它来存储密码。
您不应该真的需要在数据库中使用stripslashes密码,因为没有密码应该以斜线形式存储开始。
如果更改会发生什么:
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
要:
$_POST['password'] = md5($_POST['password']);
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
答案 1 :(得分:1)
您正尝试使用$info['password']访问数据库字段,但数据库字段实际为Password 且资本为P 。
您正在调用mysql_escape_string将数据存储在数据库中,并在提交的登录表单上调用stripslashes。也许他们对密码做了不同的事情。还有一些事情要考虑:
stripslashes或mysql_escape_string。它已被转换为仅字母数字字符。mysql_escape_string已弃用。 插入新注册后,手动md5使用的密码,然后检查该值与存储在db中的值。你可能会发现它们是不同的。
答案 2 :(得分:0)
前段时间你提出了一个类似的问题,但是我现在假设它更像是一个数据库问题。
您的密码字段是否允许32位字符用于md5哈希?密码字段太短会截断md5哈希值,因此总是无法登录。
答案 3 :(得分:0)
我解决了它,如果你在查询中注意到SELECT *,我尝试了SELECT电子邮件,密码。