HTML:
这两种形式的HTML,看起来像:
当选择买家或商家时..
<form action="#" method="post">
Buyer <input type="radio" name="addType" value="Buyer" />
Merchant <input type="radio" name="addType" value="Merchant" /><br />
New PricedWrite User? <a href="../register">Register</a>
</form>
<div class="buyer">
<form method="post" action="check_buyer.php">
Username or Email: <input class="UserReg" style="width:350px;" type="text" name="userName" /> <br />
Password: <input class="UserReg" style="width:350px;" type="password" name="userPass" /> <br />
<input type="submit" class="UserReg" name="submit" value="Sign In" />
</form>
</div><!--/buyer-->
<br />
<div class="merch">
<form method="post" action="check_merchant.php">
Username or Email: <input class="UserReg" style="width:350px;" type="text" name="userName" /> <br />
Password: <input class="UserReg" style="width:350px;" type="password" name="userPass" /> <br />
<input type="submit" class="UserReg" name="submit" value="Sign In" />
</form>
check_buyer.php(与html文件位于同一目录中)
<?php
require_once('../inc/db/dbc.php');
$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);
$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uUPass, dynamSalt
FROM User
WHERE uUName = '$LoginUserName';";
$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such user exists
{
echo "No Such User";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);
$dynamSalt = $ifUserExists['dynamSalt']; #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword);
if($SaltyPass != $ifUserExists['uUPass']) //incorrect password
{
echo "No Such Pass<br />";
echo '$LoginPass Value: '.$LoginPassword;
}
else
{
echo "Success";
}
?>
目前,当我输入有效用户并通过时,它基本上只是重新加载页面。这有什么问题?
我最初在注册时创建通行证的方式是:
if(!empty($_POST['userPass']))
$escapedInputtedPass=mysql_real_escape_string($_POST['userPass']);
$dynamSalt = mt_rand();
$SaltyPass = hash('sha512',$dynamSalt.$escapedInputtedPass);
为什么这不符合我检查的方式?唯一的区别是,它不必生成传递,因为传入现在存储在dynamSalt
的{{1}}列下。有谁看到了什么?
$ SaltyPass = hash('sha512',$ dynamSalt。$ escapedInputtedPass);
答案 0 :(得分:-1)
我认为您在查询中有错误:
$query = "SELECT uUPass, dynamSalt FROM User WHERE uUName = '$LoginUserName';"; //change to $query = "SELECT uUPass, dynamSalt FROM User WHERE uUName = '$LoginUserName'"; //semicolon removed
希望有效