1
目前我想为我的网站创建一个登录脚本,这里是代码:PHP登录脚本始终打印“错误的用户名或密码”
<?php
ini_set('display_errors', 1);
error_reporting (E_ALL);
ob_start();
$host="localhost";
$user="root";
$password="1234";
$dbname="thewebsite";
$tbl_name="Accounts";
$con = mysqli_connect($host, $user, $password, $dbname)or die("cannot connect");
$myusername=$_POST['user'];
$mypassword=$_POST['pass'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($con, $myusername);
$mypassword = mysqli_real_escape_string($con, $mypassword);
$sql="SELECT * FROM $tbl_name WHERE userName='$myusername' and passwd='$mypassword'";
$result=mysqli_query($con, $sql);
$count=mysqli_num_rows($result);
if($count==1) {
session_register("user");
session_register("pass");
header("location:loginsuccess.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
出于某种原因,它总是会显示“错误的用户名。或密码,即使它是正确这里的数据库:
DROP DATABASE IF EXISTS thewebsite;
CREATE DATABASE thewebsite;
USE thewebsite;
CREATE TABLE Accounts (
emailAddress VARCHAR(255),
userName VARCHAR(20),
passwd VARCHAR(128)
);
INSERT INTO Accounts VALUES ("[email protected]", "xxx", MD5("xxx"));
我真的想不通,是什么问题,我使用的是MySQL 5.6.17.0,PHP 5.5.10和Apache 2.4.9
您正在将数据库中的用户原始密码与md5哈希进行比较。更重要的是md5坏了,不要用它,也不要用pw, –
MD5(呻吟)使用这个=> http://security.stackexchange.com/q/36471 –
很酷的孩子们使用md6 –