我试图将存储在数据库中的哈希密码与登录帖子密码匹配,使用md5进行哈希处理,但是即使在登录页面上输入的哈希密码,它总是给我错误的密码,似乎无法找到出错的地方。
这是在寄存器页面上对用户密码进行哈希处理然后存储在数据库中的方法
$password = $_POST['password'];
$hash= md5($password);
这是我尝试验证散列密码的方法
在数据库中匹配登录哈希密码
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$password =$_POST['password'];
$hash = md5($password);
$result = $mysqli->query("SELECT * FROM `Agent` WHERE `email`='$email'");
$row = mysql_fetch_row($result);
$db_hash = $row['password'];
if( $db_hash !== $hash )
{
$_SESSION['message'] = "user with that email doesn't exist!";
echo"<script>alert('User login credentials are incorrect..!')</script>";
}
else
{
// User exists
$_SESSION['email'] = $user['email'];
$_SESSION['fname'] = $user['fname'];
$_SESSION['lname'] = $user['lname'];
$_SESSION['cell'] = $user['cell'];
$_SESSION['Agency'] = $user['Agency'];
header("location: Myprofile.php");
}
?>
答案 0 :(得分:-3)
这是实际解决方案..
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$password =$_POST['password'];
$hash = md5($password);
$result = $mysqli->query("SELECT * FROM Agent WHERE email='$email' and password='$password'");
$row = mysql_fetch_row($result);
$count = mysqli_num_rows($result);
// If result matched $email and $password, table row must be 1 row
if($count == 1) {
{
// User exists
$_SESSION['email'] = $row['email'];
$_SESSION['fname'] = $row['fname'];
$_SESSION['lname'] = $row['lname'];
$_SESSION['cell'] = $row['cell'];
$_SESSION['Agency'] = $row['Agency'];
header("location: Myprofile.php");
}
else
{
$_SESSION['message'] = "user with that email doesn't exist!";
echo"<script>alert('User login credentials are incorrect..!')</script>";
}
?>