所以我有我的登录脚本,我试图开始工作,但是当我尝试登录时,即使我在下面包含的测试表明预期:(密码哈希在这里)发现:(相同的密码)哈希在这里我已经多次修改代码以尝试修复它,并完成了大量的谷歌搜索(对于那些想给我lmgtfy链接的人)试图修复它。我尽可能多地包含了代码而不必添加假的细节,因此堆栈溢出会让我添加更多代码:
实际脚本:
else{
$login = login($username, $password);
if ($login === false) {
$errors[] = 'That username/password is incorrect';
} else {
echo "ok";
$_SESSION['user_id'] = $login;
header('Location: index2.php');
exit();
}
}
print_r($errors);
//echo "expected to see: ". $pass. " "; //this was a test
//echo "found: ".$passen; //this was too
登录功能:
function login($username, $password){
$user_id = sanitize($username);
$db = get_my_db();
$username = sanitize($username);
$password = md5($password);
$sql = "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
return ($db->query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'") === 1) ? $user_id : false; }
sanitize()函数只是mysqli_real_escape_string($data)如果你还需要其他东西,请告诉我,我会把它放进去。顺便说一句,测试脚本是这样的:和预期的功能只需将$密码转换为md5。
$res = $db->query("SELECT `password` FROM users WHERE username = '$username'");
$row = $res->fetch_assoc();
$pass = $row['password'];
$passen = expected($password);
答案 0 :(得分:1)
我不知道它失败了,但有一些提示:
sha1密码mysqli_第一个参数调用$con,例如mysqli_real_escape_string($con, $var); $con,请写function
login() { global $con; }