0

伙计们可以告诉我mybb使用什么方法来加密数据库中的密码吗?因为每次我使用用户和密码(正确的用户和密码)时我都会遇到此代码的问题,我有错误:“用户和密码不正确”

我为您提供了我需要帮助的代码的 3 部分(我认为我在类 Login 上有问题):

谢谢你的帮助。

class DB
{
    var $connection;
    var $started;

    function start()
    {
        global $MySQL_Host, $MySQL_User, $MySQL_Pass, $MySQL_DB;

        $this->connection = mysql_connect( $MySQL_Host, $MySQL_User,     $MySQL_Pass );
        mysql_select_db( $MySQL_DB, $this->connection );
    }

    function query( $query )
    {
        $result = mysql_query( $query, $this->connection );

        if( $result )
        {
            return mysql_fetch_full_result_array( $result );
        }
        else
        {
            return $result;
        }
    }

    function end()
    {
        mysql_close( $this->connection );
    }

    function isStarted()
    {
        return $started;
    }
}

function mysql_fetch_full_result_array( $result )
{
    $table_result = array();
    $r = 0;

    if( $result === true )
    {
        return $result;
    }

    if( mysql_num_rows( $result ) == 0 )
    {
        return $result;
    }

    while( $row = mysql_fetch_assoc( $result ) )
    {
        $arr_row = array();
        $c = 0;

        while ( $c < mysql_num_fields( $result ) )
        {       
            $col = mysql_fetch_field( $result, $c );   
            $arr_row[ $col -> name ] = $row[ $col -> name ];           
            $c++;
        }   

        $table_result[ $r ] = $arr_row;
        $r++;
    }   

    return $table_result;
}


class Login
{

    function CheckLogin( $username, $password )
    {
        $db = new DB();
        $db->start();

        $query = "SELECT uid, password, email FROM mybb_users WHERE username='".$username."' AND password='".md5(md5($salt).md5($password))."';";

        $result = $db->query( $query );

        $db->end();

        if( $result == false )
            return false;
 //             fwrite($fh, $result);
 //             fclose($fh);


        if( md5(md5($salt).md5($password)) == $result[ 0 ][ 'password' ] )
        {
            return array( 'uid' => $result[ 0 ][ 'uid' ],
                          'mail' => $result[ 0 ][ 'email' ],
                          'user' => $username
                        );
        }
    }
}
4

1 回答 1

1

您的查询使用$salt,但我没有看到它在代码中的任何地方声明

$query = "SELECT uid, password, email FROM mybb_users WHERE username='".$username."' AND password='".md5(md5($salt).md5($password))."';";
于 2013-05-09T07:04:26.997 回答