-2

我不确定如何搜索我遇​​到的问题。

该代码可以正常生成随机生成的加密密码,但在提交 HTML 表单时密码不起作用。我通过 SQL 查询验证了密码,以确保它是有效的。

为了回应下面的用户,这是我使用的查询:

SELECT * FROM users WHERE email='test@test.com' AND password=MD5('03884d917f');

03884d917f 是生成的密码。我用它正确查询了 test@test.com 帐户。

更简洁:生成的密码在 MySQL 中正确更改,但是在前端提交时我无法使用它登录。

我认为不需要任何额外的代码,唯一有用的是 config.php,它只处理连接数据库和为邮件函数建立变量。

2 次投反对票,但没有实际输入我如何更改帖子以容纳人们。我试图缩小我的问题,我不知道如何解释它。有人想用实质性的东西来回应吗?

PHP:

    <?php
    require_once('config.php');
    mysql_select_db($database,$dbhandle);
    include_once('includes/header.inc.php');
    include_once('includes/navigation.inc.php');

    if (isset($_POST['submit'])) 
    {

    $email = $_POST['remail'];
    $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
    if (!preg_match($pattern, trim($email))) {
      $error[] = 'Please enter a valid email address';
    } 

    $check = mysql_query("SELECT email FROM users WHERE email = '$email'")or
    die(mysql_error());
    $check2 = mysql_num_rows($check);

    if ($check2 == 0) {
    $error[] = 'Sorry, we cannot find your account details please try another email address.';
    }

    if (!$error) {

    $query = mysql_query("SELECT email FROM users WHERE email = '$email' ")or die         (mysql_error());
    $r = mysql_fetch_object($query);

    $password = substr(uniqid(rand(),1),3,10);
    $pass = md5($password); //encrypted version for database entry

    $to = "$email";
    $subject = "Account Details Recovery";
    $body = "Hi $r->email, \n\n you or someone else have requested your account details. \n\n Here is your account information please keep this as you may need this at a later stage. \n\nYour email is $r->email \n\n your password is $password \n\n Your password has been reset please login and change your password to something more rememberable.\n\n Regards Site Admin";
    $additionalheaders = "From: admin@cenz.cz";
    $additionalheaders .= "Reply-To: admin@cenz.cz";
    mail($to, $subject, $body, $additionalheaders);

    //update database
    $sql = mysql_query("UPDATE users SET password='$pass' WHERE email = '$email'")or die (mysql_error());
    $rsent = true;


    }
    }

    if (!empty($error))
    {
    $i = 0;
    while ($i < count($error)){
    echo "<div class=\"msg-error\">".$error[$i]."</div>";
    $i ++;}
    }


    if ($rsent == true){
echo "<p align='center'>You have been sent an email with your account details to $email</p>\n";
} else {
echo "<h2>Reset Password</h2><p align='center'>Please enter your e-mail address. You will receive a new password via e-mail.</p>\n";
}

    ?>

    <form class="box login" action="" method="post">
    <fieldset class="boxBody">
    <label for="remail">Email Address: </label>
    <input type="text" name="remail" size="50" maxlength="255" tabindex="1" />
    </fieldset>
    <footer>
    <input type="submit" name="submit" value="Reset Password" class="btnLogin" tabindex="2">
    </footer>
    </form>
    <?php include_once('includes/footer.inc.php'); ?>
4

2 回答 2

0

md5() 根据字符编码生成哈希。

例如,如果表编码为 utf-8,则将其编码如下:

$pass = md5(utf8_encode($password));
于 2012-11-17T02:56:14.287 回答
0

我决定以不同的方式加密。该问题与通过 MD5 加密有关。相反,我使用了 sha256 加密。

这是我使用的代码:

    function HashPassword($input)
    {
    random salt
    $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
    $hash = hash("sha256", $salt . $input); 
    $final = $salt . $hash; 
    return $final;
    }
    $password = substr(uniqid(rand(),1),3,10);
    $pass = (HashPassword($password));
于 2012-11-17T10:39:59.037 回答