我目前正在测试md5不以明文形式存储密码。 我正在使用2个文件,第一个注册用户并在数据库中插入密码的md5。 第二个文件是login.php,我尝试用户登录,将输入的密码的哈希值与存储的哈希值进行比较, 在测试了2个值与echos相等之后,标题重定向不起作用,这是我的login.php的代码,如果有人可以给我一些提示:
<?php
include("../config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sqlx = "SELECT passcode FROM jdashboard WHERE username = '".$myusername."'";
$resultx = mysqli_query($db,$sqlx);
$rowx = mysqli_fetch_array($resultx,MYSQLI_ASSOC);
$storedpass=$rowx['passcode'];
$enc_password = md5($mypassword);
/*echo $enc_password;
echo "<br>";
echo $storedpass;*/
/*
$compare=strcmp($string1,$string2);
*/
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$admin=0;
//session_register("myusername");
$_SESSION['myusername'] = 'myusername';
$sql = "SELECT admin FROM jdashboard WHERE username = '".$myusername."'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$admin= $row['admin'];
$_SESSION['login_user'] = $myusername;
if ($admin=='1'){
header("location: welcome.php");
}
else if ($admin=='0' && $storedpass == $enc_password){
header("location: https://one.potentiallead.com/dshb/usr");
}
else {
$error = "Your Login Name or Password is invalid";
} }
}
?>
提前谢谢!
答案 0 :(得分:0)
你的代码错了
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
您应该比较$enc_password而不是$mypassword,因此正确的查询应该是这样的。
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$enc_password'";
无论如何,你不应该使用md5作为加密密码双重安全问题,我建议你可以使用Bcrypt PHP Class代替
希望得到这个帮助。