2

用户注册页面有效,这意味着盐和哈希密码正确保存在数据库中。登录报告无效的用户名/密码。如果这很重要,我在数据库中将 salt 和密码设置为 varchar(64)。

我似乎无法找出为什么它不起作用。我想相信错误出在 $query 或 $count 变量中。

登记:

<?php
include('config.php');
#Setup Credentials
$uname = mysql_real_escape_string($_POST['uname']);
$escapedPW = mysql_real_escape_string($_POST['pass']);
$email = mysql_real_escape_string($_POST['email']);
#Salt Credentials
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW =  $escapedPW . $salt;
$hashedPW = hash('sha256', $saltedPW);
#checks and queries
$usercheck = mysql_query("SELECT * FROM users WHERE username = '$uname'");
$emailcheck = mysql_query("SELECT * FROM users WHERE email = '$email'");
$count = mysql_num_rows($usercheck);
$count2 = mysql_num_rows($emailcheck);
$query = "INSERT INTO users (username, password, email, salt) VALUES ('$uname', '$hashedPW', '$email', '$salt')";
$error = "";

if(isset($_POST['submit'])){
    if(empty($_POST['uname']) || empty($_POST['pass']) || empty($_POST['email'] )){
      echo 'A field is empty!';}      
    else{
            if($count != 0){$error = 'Username is already registered.';}
            elseif ($count2 != 0 ) {$error = 'Email is already registered.';}
                else{ mysql_query($query);}
    }
}
?>

登录:

<?php
include("config.php");
if (isset($_POST['submit'])) { 
   if (!$_POST['username'] | !$_POST['password'] ) {
    die('You did not complete all of the required fields');
  }
else{
    $username = mysql_real_escape_string($_POST['username']);
    $escapedPW = mysql_real_escape_string($_POST['password']);

    $saltquery = "SELECT salt FROM users WHERE username = '$username';";
    $result = mysql_query($saltquery);

    $row = mysql_fetch_assoc($result);
    $salt = $row['salt'];

    $saltedPW =  $escapedPW . $salt;

    $hashedPW = hash('sha256', $saltedPW);

    $query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';";
    $count = mysql_num_rows($query);

    if($count == 0){
      header("location:index.php?status=1");
    }
      else {
              // store cookie $myusername, $mypassword and redirect to index
      session_start(); 
      $_SESSION['username'] = $username;
      $_SESSION['password'] = $hashedPW;
      setcookie('username', $username, time()+60 * 60 * 4, '/', 'www.site90.net');
      setcookie('password', $hashedPW, time()+60 * 60 * 4, '/', 'www.site90.net');
      header("location:index.php");
    }
}}
?>
4

1 回答 1

1

有问题的是这些: 

$query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';";
$count = mysql_num_rows($query);

他们应该是:

$sql = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';";
$query = mysql_query($sql);
$count = mysql_num_rows($query);

mysql_num_rows() 期望参数是资源而不是字符串: http: //php.net/manual/en/function.mysql-num-rows.php

于 2012-10-01T01:31:52.093 回答