0

我在使用西里尔字符在登录系统中插入用户名和密码时遇到问题。

密码被解码为 SHA1,当我创建一个带有西里尔字符的用户时,它对我不起作用!

你能告诉我是否需要在其中插入一些特殊的东西吗?

代码:

<?php
define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg ='';
if(isset($username, $password)) {
ob_start();
include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($dbC, $myusername);
$mypassword = mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT * FROM login_subadmin WHERE user_name='$myusername' and user_pass=SHA1('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
session_register("myusername");
session_register("mypassword");

header("location:index.php");
}
else {
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
ob_end_flush();
}
else {
header("location:login.php?msg=Please enter some username and password");
}
?>

谢谢!

4

1 回答 1

0

确保将您的数据库和代码 + 标头设置为将页面处理为 UTF-8。它必须是整个页面的相同字符集。您还可以将 PHP 的散列函数用于 SHA1。

示例代码:

<?php
$myUsername=mysqli_real_escape_string($_POST['username']);
$password=$_POST['password'];
$msg="";

if(isset($username, $password))
{
    ob_start();
    include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection

    $password=sha1($password);
    $result=mysqli_query("SELECT * FROM `login_subadmin` WHERE user_name='$myUsername' AND `user_pass`='$password'", $sql);

    // Mysql_num_row is counting table row
    $count=mysqli_num_rows($result);
}
?>

请记住,使用 mysqli_real_escape_string(); 时,哈希可能会得到不同的结果;在密码哈希中。如果您已经对密码进行了散列:加密,只需在散列之前转义密码。

于 2012-06-28T19:10:36.073 回答