我正在使用以下代码在注册期间加密用户注册密码。但问题是我无法再次使用相同的密码登录,我可能是因为DB中的密码不同并加密,与用户输入的密码不一样。
<?php
if(isset($_POST['submit'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
if(!empty($firstname) && !empty($lastname) && !empty($username) && !empty($email) && !empty($password)) {
$firstname = mysqli_real_escape_string($db_connect, $firstname);
$lastname = mysqli_real_escape_string($db_connect, $lastname);
$username = mysqli_real_escape_string($db_connect, $username);
$email = mysqli_real_escape_string($db_connect, $email);
$password = mysqli_real_escape_string($db_connect, $password);
$sql = "SELECT randsalt FROM user ";
$select_randsalt_query = mysqli_query($db_connect, $sql);
if(!$select_randsalt_query) {
die("Query failed".mysqli_error($db_connect));
}
while($row = mysqli_fetch_array($select_randsalt_query)) {
$salt = $row['randsalt'];
///crypt function takes 2 parameter. one from DB
///and other from user input.
// $password = crypt($password, $salt);
}
$sql_register ="INSERT INTO user(user_firstname, user_lastname, username, user_email, user_password, user_role )";
$sql_register .="VALUES('{$firstname}', '{$lastname}', '{$username}', '{$email}', '{$password}', 'Unknown' ) ";
$query_register = mysqli_query($db_connect, $sql_register);
if(!$query_register) {
die("Query failed".mysqli_error($db_connect));
}
$message = "<h3>Your Registration has been Submitted</h3>";
} else {
$message = "<h3>You Can't leave field Empty</h3>";
}
} else {
$message = '';
}
?>
我尝试在login.php
中做这样的事情<?php
if(isset($_POST['submit'])){
$Username = $_POST['Username'];
$Password = $_POST['Password'];
//To prevent SQL injection and store into new variable
$Username = mysqli_real_escape_string($db_connect, $Username);
$Password = mysqli_real_escape_string($db_connect, $Password);
$sql_login = "SELECT * FROM user WHERE username = '{$Username}' ";
$query_login = mysqli_query($db_connect, $sql_login);
if(!$query_login){
die("Query Failed".mysqli_error($db_connect));
}
while($row = mysqli_fetch_assoc($query_login)){
$username = $row['username'];
$user_password = $row['user_password'];
$user_firstname = $row['user_firstname'];
$user_lastname = $row['user_lastname'];
$user_email = $row['user_email'];
$user_role = $row['user_role'];
}
$Password = crypt($Password, $user_password);
///User validation
if( ($Username === $username && $Password === $user_password) && $user_role === "Admin"){
//Using session to store information from db
//Using session from right to left. Right is the variable got from db.
$_SESSION['USERNAME'] = $username;
$_SESSION['PASSWORD'] = $user_password ;
$_SESSION['FIRSTNAME'] = $user_firstname;
$_SESSION['LASTNAME'] = $user_lastname;
$_SESSION['EMAIL'] = $user_email;
$_SESSION['ROLE'] = $user_role;
header("Location: ../admin/index.php");
}else{
header("Location: ../index.php");
}
}
?>
但这不起作用。对不起我刚刚加入PHP世界的人并没有深入了解。
答案 0 :(得分:1)
欢迎使用PHP开发。让我让你的生活更轻松:
password_hash()和password_verify(),而不是与Private Sub cmdNewLogNum_Click()
If IsNull(Me.txtStart_Date) Then
MsgBox "Enter Date to generate number", vbOKOnly
Me.txtStart_Date.SetFocus
Else
Me.txtnewLogNum = Nz(DMax("[newLogNum]", "tblSLRTasks", "Year([Start_Date]) = " & Year(Me.[txtStart_Date])), 0) + 1
End If
End Sub
混在一起。各处都有更新的指南可以解释如何更好地使用这些功能,但http://www.phptherightway.com是社区最常用的指南。