我创建了一个登录+注册网站。注册页面工作正常,登录也是如此,当我必须写入我的密码时,我必须写入加密版本,md5 ...... 我已经在注册页面中完成了他们的密码加密。我怎样才能在登录页面中创建他们不需要写他们的md5密码,只是他们的正常密码?
register.php看起来像:
<?
$reg = @$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(@$_POST['fname']);
$ln = strip_tags(@$_POST['lname']);
$un = strip_tags(@$_POST['username']);
$em = strip_tags(@$_POST['email']);
$em2 = strip_tags(@$_POST['email2']);
$pswd = strip_tags(@$_POST['password']);
$pswd2 = strip_tags(@$_POST['password2']);
$d = date("Y-m-d"); // Year - Month - Day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
if ($check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "The maximum limit for username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Your password must be between 5 and 30 characters long!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>Welcome to InstaWord!</h2>Login to your account to get started ...");
}
}
}
else {
echo "Your passwords don't match!";
}
}
else
{
echo "Please fill in all of the fields";
}
}
else
{
echo "Username already taken ...";
}
}
else {
echo "Your E-mails don't match!";
}
}
?>
<table class="homepageTable">
<tr>
<td width="60%" valign="top">
<h2>Share your texts!</h2>
<img src="img/animation.gif" width="930">
</td>
<td width="40%" valign="top">
<h2>Sign up</h2>
<form action="#" method="post">
<input type="text" size="25" name="fname" placeholder="First Name" value="<? echo $fn; ?>">
<input type="text" size="25" name="lname" placeholder="Last Name" value="<? echo $ln; ?>">
<input type="text" size="25" name="username" placeholder="Username" value="<? echo $un; ?>">
<input type="text" size="25" name="email" placeholder="Email" value="<? echo $em; ?>">
<input type="text" size="25" name="email2" placeholder="Repeat Email" value="<? echo $em2; ?>">
<input type="password" size="25" name="password" placeholder="Password">
<input type="password" size="25" name="password2" placeholder="Repeat Password"> <br />
<input type="submit" name="reg" value="Sign Up!">
</form>
</td>
</tr>
</table>
</body>
</html>
login.php看起来像这样:
<?php
session_start();
//This displays your login form
function index(){
echo "<form action='?act=login' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."<input type='submit' value='Login'>"
."</form>";
}
//This function will find and checks if your data is correct
function login(){
//Collect your info from login form
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
//Connecting to database
$connect = mysql_connect("myserver", "username", "password");
if(!$connect){
die(mysql_error());
}
//Selecting database
$select_db = mysql_select_db("database_name", $connect);
if(!$select_db){
die(mysql_error());
}
//Find if entered data is correct
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = mysql_fetch_array($result);
$id = $row['id'];
$select_user = mysql_query("SELECT * FROM users WHERE id='$id'");
$row2 = mysql_fetch_array($select_user);
$user = $row2['username'];
if($username != $user){
die("Username is wrong!");
}
$pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'");
$row3 = mysql_fetch_array($pass_check);
$email = $row3['email'];
$select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'");
$row4 = mysql_fetch_array($select_pass);
$real_password = $row4['password'];
if($password != $real_password){
die("Your password is wrong!");
}
//Now if everything is correct let's finish his/her/its login
session_register("username", $username);
session_register("password", $password);
echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";
}
switch($act){
default;
index();
break;
case "login";
login();
break;
}
?>
请帮我解决这个问题......
答案 0 :(得分:3)
登录时您没有使用md5进行检查....
使用 $ password = md5($ _ REQUEST ['password']);在login function()
。
这将使用正常密码并在数据库中使用加密版本进行检查,然后将成功登录用户。
希望这有帮助。
答案 1 :(得分:1)
您不应将strip_tags()
应用于$_POST['password']
,只需将传入值提供给密码哈希功能。
为了保护用户的密码,您需要比md5
哈希密码做得更好。
你需要
好消息是你可以使用一个插件库并使用它:PHPass
require('PasswordHash.php');
$pwdHasher = new PasswordHash(8, FALSE);
// $hash is what you would store in your database
$hash = $pwdHasher->HashPassword( $_POST['password'] );
// $hash would be the $hashed stored in your database for this user
$checked = $pwdHasher->CheckPassword($_POST['password'], $hash);
if ($checked) {
echo 'password correct';
} else {
echo 'wrong credentials';
}
答案 2 :(得分:0)
在检查正确的登录详细信息时,将详细信息传递给sql查询时,使用md5()加密输入密码。
$password_encrypt = md5($password);
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password_encrypt '");