-1

更新(已解决):以前我将密码长度设置为 15 个字符,因为密码被加密为 md5,所以它应该是 32 个字符。现在它工作正常。感谢所有的答案和建议。

下面是注册php代码。该代码工作正常,能够将密码存储在 md5 的数据库中。

  <html>
<?php
error_reporting(0);
if($_POST['submit'])
{
    $name = mysql_real_escape_string($_POST['name']);
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password1 = mysql_real_escape_string($_POST['password1']);

    $enc_password = md5($password);

    if($name && $username && $password && $password1)
    {
        if(strlen($name)<30)
        {
            if(strlen($username)<10)
            {
                if(strlen($password)<15 || strlen($password)>6)
                {
                    if($password == $password1)
                    {
                        require "dbc.php";
                        $query = mysql_query("INSERT INTO users VALUES ('$name','$username','$enc_password')");     
                        echo "Registration Complete! <a href='index.php'>Click here to login</a>";
                    }
                    else
                    {
                        echo "Passwords must match";
                    }
                }
                else
                {
                    echo "Your password must be between 6 and 15 characters";   
                }
            }
            else
            {
                echo "Your username is too long";   
            }
        }
        else
        {
            echo "Your name is too long";
        }
    }
    else
    { 
        echo "All fields are required"; 
    }
}

?>

    <form action="register.php" method="POST">
        Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
        Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>
        Password: <input type="password" name="password"> Max length:15<p>
        Re-Enter Password: <input type="password" name="password1"><p>
        <input type="submit" name="submit" value="Register">
    </form>
    <input type="button" value="<< Back to Login Area" onclick="window.location='../login%20and%20registration/members.php'">

</html>

下面是登录php代码。

    <?php

session_start();

require "dbc.php";

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$enc_password = md5($password);

if($username&&$password)
{
    $query = mysql_query("SELECT * FROM users WHERE username='$username'");
    $numrow = mysql_num_rows($query);

if($numrow!=0)
{
    while($row = mysql_fetch_assoc($query))
    {
        $db_username = $row['username'];
        $db_password = $row['password'];
    }

    if($username==$db_username&&$password==$db_password)
    {
        //echo "Logged in <a href='members.php'>Click here to enter the members area</a>";
        $_SESSION['username']=$db_username;
        header("location: members.php");
    }
    else 
    {
        header("location: index.php?error=Incorrect Password");
    }
}
else 
{
    header("location: index.php?error=That user doesn't exist");
}
}

else 
{
    header("location: index.php?error=All fields are required");
}

?>

问题是我在尝试登录时不断收到“不正确的密码”。我认为从数据库中检索密码是有问题的。任何人都可以帮忙吗?

4

4 回答 4

3

您需要使用$enc_password而不是内联$password

if($username==$db_username&&$password==$db_password)

PS 此外,如果您使用 md5 则不要这样做mysql_real_escape_string()md5将更改您的字符串并且所有注入都将被删除。

PPS 使用PDO代替mysql_*

更新

用户名也必须不区分大小写,所以最好这样做:

if(strcasecmp($username, $db_username)===0 && $password==$db_password)

strcasecmp

于 2013-04-09T06:53:03.247 回答
0

改变

if($username==$db_username&&$password==$db_password)


if($username == $db_username && $enc_password == $db_password)

您正在使用$password,但应该是$enc_password

于 2013-04-09T06:53:30.453 回答
0

您将 $password 与 $db_password 进行比较,而您应该将 $enc_password 与 $db_password 进行比较。

if($username==$db_username&&$enc_password==$db_password)
于 2013-04-09T06:53:54.220 回答
0

在你的情况下,你应该像这样比较

 $password = md5($password);//change value entered of password to md5

 if($username==$db_username&&$password==$db_password)
于 2013-04-09T06:54:11.517 回答