2
用户注册页面正常工作,这意味着盐和哈希密码被正确保存在数据库中。登录报告无效的用户名/密码。如果有问题,我将salt和密码设置为数据库中的varchar(64)。PHP错误 - 登录/注册脚本
我只是不能发现它为什么不起作用。我想相信这个错误是在$ query或$ count变量中。
注册:
<?php
include('config.php');
#Setup Credentials
$uname = mysql_real_escape_string($_POST['uname']);
$escapedPW = mysql_real_escape_string($_POST['pass']);
$email = mysql_real_escape_string($_POST['email']);
#Salt Credentials
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW = $escapedPW . $salt;
$hashedPW = hash('sha256', $saltedPW);
#checks and queries
$usercheck = mysql_query("SELECT * FROM users WHERE username = '$uname'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email = '$email'");
$count = mysql_num_rows($usercheck);
$count2 = mysql_num_rows($emailcheck);
$query = "INSERT INTO users (username, password, email, salt) VALUES ('$uname', '$hashedPW', '$email', '$salt')";
$error = "";
if(isset($_POST['submit'])){
if(empty($_POST['uname']) || empty($_POST['pass']) || empty($_POST['email'])){
echo 'A field is empty!';}
else{
if($count != 0){$error = 'Username is already registered.';}
elseif ($count2 != 0) {$error = 'Email is already registered.';}
else{ mysql_query($query);}
}
}
?>
登录:
<?php
include("config.php");
if (isset($_POST['submit'])) {
if (!$_POST['username'] | !$_POST['password']) {
die('You did not complete all of the required fields');
}
else{
$username = mysql_real_escape_string($_POST['username']);
$escapedPW = mysql_real_escape_string($_POST['password']);
$saltquery = "SELECT salt FROM users WHERE username = '$username';";
$result = mysql_query($saltquery);
$row = mysql_fetch_assoc($result);
$salt = $row['salt'];
$saltedPW = $escapedPW . $salt;
$hashedPW = hash('sha256', $saltedPW);
$query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';";
$count = mysql_num_rows($query);
if($count == 0){
header("location:index.php?status=1");
}
else {
// store cookie $myusername, $mypassword and redirect to index
session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $hashedPW;
setcookie('username', $username, time()+60 * 60 * 4, '/', 'www.site90.net');
setcookie('password', $hashedPW, time()+60 * 60 * 4, '/', 'www.site90.net');
header("location:index.php");
}
}}
?>
echo $ query,是否与db中的值相同? – 2012-09-30 23:36:26
请勿将varchar()用于您的加密密码等二进制数据。 varchar受制于字符转换规则。加密的数据必须与它进入的相同,为此,您需要一个blob或varbinary类型。 –
@Dagon - 是的,查询返回正确的信息。注释掉重定向给了我这个警告:mysql_num_rows():提供的参数不是第22行中的/home/a5382697/public_html/login.php中有效的MySQL结果资源 – Query