我目前正在尝试为我的网站创建一个登录脚本,这里是代码:
<?php
ini_set('display_errors', 1);
error_reporting (E_ALL);
ob_start();
$host="localhost";
$user="root";
$password="1234";
$dbname="thewebsite";
$tbl_name="Accounts";
$con = mysqli_connect($host, $user, $password, $dbname)or die("cannot connect");
$myusername=$_POST['user'];
$mypassword=$_POST['pass'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($con, $myusername);
$mypassword = mysqli_real_escape_string($con, $mypassword);
$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and passwd='$mypassword'";
$result=mysqli_query($con, $sql);
$count=mysqli_num_rows($result);
if($count==1) {
session_register("user");
session_register("pass");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
出于某种原因,它总会显示“错误的用户名或密码,即使它是正确的。这是数据库:
DROP DATABASE IF EXISTS thewebsite;
CREATE DATABASE thewebsite;
USE thewebsite;
CREATE TABLE Accounts (
emailAddress VARCHAR(255),
userName VARCHAR(20),
passwd VARCHAR(128)
);
INSERT INTO Accounts VALUES ("xxx@mail.com", "xxx", MD5("xxx"));
我真的无法解决问题所在,我正在使用MySQL 5.6.17.0,PHP 5.5.10和Apache 2.4.9
答案 0 :(得分:2)
变化:
$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and passwd='$mypassword'";
成:
$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and passwd=MD5('$mypassword')";
虽然使用了mysql的MD5(),但我还是使用了PHP的密码散列API(password_hash,password_verify等)。