1. 首页
  2. 问答
  3. PHP错误 - 登录/注册脚本

PHP错误 - 登录/注册脚本

2012-09-30 159 views
2

用户注册页面正常工作,这意味着盐和哈希密码被正确保存在数据库中。登录报告无效的用户名/密码。如果有问题,我将salt和密码设置为数据库中的varchar(64)。PHP错误 - 登录/注册脚本

我只是不能发现它为什么不起作用。我想相信这个错误是在$ query或$ count变量中。

注册:

<?php 
include('config.php'); 
#Setup Credentials 
$uname = mysql_real_escape_string($_POST['uname']); 
$escapedPW = mysql_real_escape_string($_POST['pass']); 
$email = mysql_real_escape_string($_POST['email']); 
#Salt Credentials 
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
$saltedPW = $escapedPW . $salt; 
$hashedPW = hash('sha256', $saltedPW); 
#checks and queries 
$usercheck = mysql_query("SELECT * FROM users WHERE username = '$uname'"); 
$emailcheck = mysql_query("SELECT * FROM users WHERE email = '$email'"); 
$count = mysql_num_rows($usercheck); 
$count2 = mysql_num_rows($emailcheck); 
$query = "INSERT INTO users (username, password, email, salt) VALUES ('$uname', '$hashedPW', '$email', '$salt')"; 
$error = ""; 

if(isset($_POST['submit'])){ 
    if(empty($_POST['uname']) || empty($_POST['pass']) || empty($_POST['email'])){ 
     echo 'A field is empty!';}  
    else{ 
      if($count != 0){$error = 'Username is already registered.';} 
      elseif ($count2 != 0) {$error = 'Email is already registered.';} 
       else{ mysql_query($query);} 
    } 
} 
?>

登录:

<?php 
include("config.php"); 
if (isset($_POST['submit'])) { 
    if (!$_POST['username'] | !$_POST['password']) { 
    die('You did not complete all of the required fields'); 
    } 
else{ 
    $username = mysql_real_escape_string($_POST['username']); 
    $escapedPW = mysql_real_escape_string($_POST['password']); 

    $saltquery = "SELECT salt FROM users WHERE username = '$username';"; 
    $result = mysql_query($saltquery); 

    $row = mysql_fetch_assoc($result); 
    $salt = $row['salt']; 

    $saltedPW = $escapedPW . $salt; 

    $hashedPW = hash('sha256', $saltedPW); 

    $query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
    $count = mysql_num_rows($query); 

    if($count == 0){ 
     header("location:index.php?status=1"); 
    } 
     else { 
       // store cookie $myusername, $mypassword and redirect to index 
     session_start(); 
     $_SESSION['username'] = $username; 
     $_SESSION['password'] = $hashedPW; 
     setcookie('username', $username, time()+60 * 60 * 4, '/', 'www.site90.net'); 
     setcookie('password', $hashedPW, time()+60 * 60 * 4, '/', 'www.site90.net'); 
     header("location:index.php"); 
    } 
}} 
?>

来源

2012-09-30 Query

+2

echo $ query,是否与db中的值相同? – 2012-09-30 23:36:26

+0

请勿将varchar()用于您的加密密码等二进制数据。 varchar受制于字符转换规则。加密的数据必须与它进入的相同,为此,您需要一个blob或varbinary类型。 –

+0

@Dagon - 是的,查询返回正确的信息。注释掉重定向给了我这个警告:mysql_num_rows():提供的参数不是第22行中的/home/a5382697/public_html/login.php中有效的MySQL结果资源 – Query

回答

1

的问题是这些:

$query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
$count = mysql_num_rows($query);

他们应该是:

$sql = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
$query = mysql_query($sql); 
$count = mysql_num_rows($query);

mysql_num_rows()期望参数是资源而不是字符串: http://php.net/manual/en/function.mysql-num-rows.php

来源

2012-10-01 01:31:52

相关问题

 相关问题