我目前正在测试md5不以纯文本格式存储密码。 我正在处理2个文件,第一个注册用户并在数据库中插入密码的md5。 第二个文件是login.php,我尝试用户登录,比较键入的密码的哈希值与存储的哈希值, 在测试2个值与回声相等后,头重定向isn' t工作,这里是我的代码为login.php,如果任何人都可以给我一些提示:Php会话,标头和密码哈希值
<?php
include("../config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sqlx = "SELECT passcode FROM jdashboard WHERE username = '".$myusername."'";
$resultx = mysqli_query($db,$sqlx);
$rowx = mysqli_fetch_array($resultx,MYSQLI_ASSOC);
$storedpass=$rowx['passcode'];
$enc_password = md5($mypassword);
/*echo $enc_password;
echo "<br>";
echo $storedpass;*/
/*
$compare=strcmp($string1,$string2);
*/
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$admin=0;
//session_register("myusername");
$_SESSION['myusername'] = 'myusername';
$sql = "SELECT admin FROM jdashboard WHERE username = '".$myusername."'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$admin= $row['admin'];
$_SESSION['login_user'] = $myusername;
if ($admin=='1'){
header("location: welcome.php");
}
else if ($admin=='0' && $storedpass == $enc_password){
header("location: https://one.potentiallead.com/dshb/usr");
}
else {
$error = "Your Login Name or Password is invalid";
} }
}
?>
谢谢你提前!
您的数据库在您散列之前先转义您的密码。想想为什么这是一个坏主意。 – Progrock
如果我直接去welcome.php会发生什么? – Progrock
您好,您将被重定向到login.php,将会考虑以前的几个注释 – Lalati