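Registration form error?

Time: 2013-11-25 19:59:40

Tags: php registration

I have created a registration form and a login form for my website. Everything works, except for this: when I try to log in to my site, I have to enter the encrypted password rather than the password I actually typed. I have the registration form salted and everything, so how would I make it so that the user can log in with the password he actually typed? Thanks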

Register.php

<?php
include 'header inc.php';
$error = "";
if (@$_POST['register']) {
 $firstname = strip_tags($_POST['firstname']);
 $lastname = strip_tags($_POST['lastname']);
 $username = strip_tags($_POST['username']);
 $email = strip_tags($_POST['email']);
 $password1 = strip_tags($_POST['password']);
 $password2 = strip_tags($_POST['passwordrepeat']);

 $day = strip_tags($_POST['day']);
 $month = strip_tags($_POST['month']);
 $year = strip_tags($_POST['year']);
 $dob = "$day/$month/$year";

 if ($firstname == '') {
  echo "Firstname cannot be left empty.";
 }
 else if ($lastname == '') {
  echo "Lastname cannot be left empty.";
 }
 else if ($username == '') {
  echo  "Username cannot be left empty.";
 }
 else if ($email == '') {
  echo  "Email cannot be left empty.";
 }
 else if ($password1 == '') {
  echo  "Password cannot be left empty.";
 }
 else if ($password2 == '') {
  echo "Repeat Password cannot be left empty.";
 }
 else if ($day == '') {
  echo "The day you were born cannot be left empty.";
 }
 else if ($month == '') {
  echo "The month you were born cannot be left empty.";
 }
 else if ($year == '') {
  echo "The year you were born cannot be left empty.";
 }
 else {
 //Check the username doesn't already exist
 $check_username = mysql_query("SELECT username FROM users WHERE username='$username'");
 $numrows_username = mysql_num_rows($check_username);
 if ($numrows_username != 0) {
  echo 'That username has already been registered.';
 }
 else
 {
  $check_email = mysql_query("SELECT email FROM users WHERE email='$email'");
 $numrows_email = mysql_num_rows($check_email);
 if ($numrows_email != 0) {
  $error = 'That email has already been registered.';
 }
 else
 {
   $salt1 = "francis";
   $salt1 = md5($salt1);
   $salt2 = "cookie";
   $salt2 = md5($salt2);
   $salt3 = "php";
   $salt3 = md5($salt3);
   $password1 = $salt1.$password1.$salt3;
   $password1 = md5($password1.$salt2);
   $password2 = $salt1.$password2.$salt3;
   $password2 = md5($password2.$salt2);
 if ($password1 != $password2) {
 $error = 'The passwords don\'t match!';
 }
 else
 {
 //Register the user
 $register = mysql_query("INSERT INTO users VALUES('','$firstname','$lastname','$username','$email','$password1','$dob','no')");
 die('Registered successfully!');
 }
 }
 }
}
}
?>
<html>
<head></head>
<body>

<h2 style="color:#848484;">Create Your Account</h2>
<form action='join.php' method='POST'>
<input type='text' name='firstname'  onclick='value="" ' id='username1'/><p />
<input type='text' name='lastname'  onclick='value=""'id='username1'/><p />
<input type='text' name='username'onclick='value=""'id='username1'/><p />
<input type='text' name='email' onclick='value=""'id='username1'/><p />
<input type='text' name='password' onclick='value=""'id='username1'/><p />
<input type='text' name='passwordrepeat' onclick='value=""'id='username1'/><p />
<input type='text' name='day' value='' size='3' maxlength='2' onclick='value=""'id='username1'/>
<input type='text' name='month' value='' size='6' maxlength='2' onclick='value=""'id='username1'/>
<input type='text' name='year' value='' size='4' maxlength='4' onclick='value=""'id='username1'/><p />

<input type='submit' name='register' value='Create Your Account'id='submit1' />
<?php echo $error; ?>
</form>

</body>
</html>

Login.php

<?php
include ( 'header inc.php' );
if (isset($_POST['username'])&&($_POST['password'])) {
  $username = strip_tags($_POST['username']);
  $password = strip_tags($_POST['password']);
 $check_username = mysql_query("SELECT username FROM users WHERE username='$username'");
 $numrows = mysql_num_rows($check_username);
 if ($numrows != 1) {
  echo 'That User doesn\'t exist.';
 }
 else
 {
  $check_password = mysql_query("SELECT password FROM users WHERE password='$password' && username='$username'");
  while ($row = mysql_fetch_assoc($check_password)) {
   $password_db = $row['password'];

   if ($password_db == $password) {
     $_SESSION['username'] = $username;
    header("Location: template.php");
   }
  }
 }
}

?>



<h2 style="color:#848484;">&nbsp&nbsp&nbsp&nbspLogin to Your Account</h2>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<form action='login.php' method='POST'>
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='text' name='username'  id="username1"/><p />
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='password' name='password' id="username1"/><p />

&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='submit' name='submit' value='Login to my Account' id="submit1" />
</form>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>

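1 answer:

Answer 0: (score: 0)

You are storing the password MD5-hashed in the database, so when you pull it back out of the database it is still in that form. You need to do the same thing to the password you are checking.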

$salt1 = "francis";
$salt1 = md5($salt1);
$salt2 = "cookie";
$salt2 = md5($salt2);
$salt3 = "php";
$salt3 = md5($salt3);
$password1 = $salt1.$password.$salt3;
$password1 = md5($password1.$salt2); 
if ($password_db == $password1) {
    //code
}

But reading the comments above, you have some other major problems as well.
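
An added example, not part of the original question or answer: the same register/login flow written with PHP's built-in `password_hash()` / `password_verify()` and PDO prepared statements, so the typed password is checked against the stored hash and user input never becomes part of the SQL string. The in-memory SQLite database, the two-column `users` table and the function names are assumptions made to keep the example self-contained.

```php
<?php
// Added example: registration and login with password_hash()/password_verify()
// and PDO prepared statements. The in-memory SQLite table is a constructed
// stand-in for the page's `users` table; function names are hypothetical.
declare(strict_types=1);

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $pdo;
}

function register_user(PDO $pdo, string $username, string $password, string $repeat): bool {
    // Compare the two typed passwords before hashing: password_hash() uses a
    // fresh random salt per call, so two hashes of the same input differ.
    if ($password === '' || !hash_equals($password, $repeat)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = ?');
    $stmt->execute([$username]);
    if ($stmt->fetchColumn() !== false) {
        return false; // username already taken
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    return $stmt->execute([$username, $hash]);
}

function check_login(PDO $pdo, string $username, string $password): bool {
    // Look the row up by username only; the password never goes in the WHERE clause.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // password_verify() re-derives the hash from the typed password using the
    // salt and cost stored inside $hash, then compares in constant time.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
$pdo = open_db();
var_dump(register_user($pdo, 'alice', 'correct horse', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
var_dump(check_login($pdo, "o'brien", 'anything')); // quote in input is bound as data
```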
