0

我是 php 的初学者,我想做的是创建一个注册和登录。我尝试注册一个用户并且它可以工作,但是当我登录时说:登录失败。我无法理解发生了什么。请有人解释我做错了什么!

regproc.php

<?php
if(isset($_POST['reg']))
{
require "dbconn.php";
//$username = strip_tags($_POST['username']);
//$password=md5(strip_tags($_POST['password']));

// $repass=md5(strip_tags($_POST['repassword']));

$username = strip_tags($_POST['username']);
$password = $_POST['password'];
$email=$_POST['email'];
// A higher "cost" is more secure but consumes more processing power
$cost = 10;

// Create a random salt
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');

// Prefix information about the hash so PHP knows how to verify it later.
// '$2a$?' Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
$salt = sprintf('$2a$%02d$?', $cost) . $salt;

// Value:
// $2a$10$eImiTXuWVxfM37uY4JANjQ==

// Hash the password with the salt
$hash = crypt($password, $salt);

// Value:
// $2a$10$eImiTXuWVxfM37uY4JANjOL.oTxqp7WylW7FCzx2Lc7VLmdJIddZq

//if(!strcmp($password,$repass)==0)
//
//header('Location:./reg.php?pass=password not match');
//exit (0);
//
/*This insert command for username and password only, if you need any other column you can insert it here*/
mysql_query("INSERT INTO users(username,password,hash,email) VALUES ('$username','$password','$hash','$email')") or  die("".mysql_error());
//Here you can write conformation or success message or use any redirect

}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<label>Username:<input type="text" name="username" /></label>
<label>Password:<input type="password" name="password" /></label>
<label>Email:<input type="text" name="email" /></label>
<span style="size:10%;color:#FF0000"><?php if(isset($_GET["pass"])) { echo $_GET["pass"]; }
?></span>
<input type="submit" value="reg" name="reg" />

</form>

登录.php

<?php


if(isset($_POST['username']) && isset($_POST['password']))
{
    $username = $_POST['username']; // e.g. 'Admin'
    $password = $_POST['password']; // e.g. 'gf45_gdf#4hg'; 

    $dbh = new PDO('mysql:host=localhost;dbname=universiteti', 'root', '');
    $sth = $dbh->prepare('SELECT hash FROM users WHERE username = :username LIMIT 1');    
    $sth->bindParam(':username', $username);    
    $sth->execute();    
    $user = $sth->fetch(PDO::FETCH_OBJ);

    // Hashing the password with its hash as the salt returns the same hash
    if ( crypt($password, $user->hash) == $user->hash ) {      
      exit('Logged in successfully');
    }
    else
    {
        exit('Login failed');
    }
}    
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">    
    <input type='text' name="username"  maxlength="50" placeholder="Username" />    
    <input type='password' name='password' maxlength="50" />
    <input type='submit' name='Submit' value='Log In' />
</form>
4

2 回答 2

0

我写了这段代码用于登录。希望它会帮助你。

<?php
if($_POST) {
$username = $_POST['username'];
$password = $_POST['password'];

$con = mysql_connect("localhost","root","***");
if(!$con) {
die('Could not connect: ' . mysql_error());
}

mysql_select_db("databasename", $con);

$result = mysql_query("SELECT uname, upasswd FROM Users");

while($row = mysql_fetch_array($result)) {
if($row['uname'] == $username && $row['upasswd'] == $password) {

$_SESSION['username'] = $username;
header("Location: index.php");
    exit;
 }
}
echo '<script type="text/javascript">alert(\'Wrong username or password\')</script>';
}
?>

注册

<?php
$con = mysql_connect("localhost","root","");
if(!$con) {
die('couldn't connect: ' . mysql_error());
}

mysql_select_db("universiteti", $con);
if(isset($_POST['uname'])){
    // write to the database inside of here

$res = mysql_query("INSERT INTO users (username, password, email,emri) VALUES('{$_POST['uname']}', '{$_POST['pwd']}', '{$_POST['email']}', '{$_POST['name']}')");

if(! $res) {
  echo '<script type="text/javascript">alert(\Enter valid data ! \')</script>';
           }
 else {
$user_check = mysql_query("SELECT username FROM users WHERE username='{$_POST['uname']}'");

$do_user_check = mysql_num_rows($user_check);


//Now if email is already in use


$email_check = mysql_query("SELECT email FROM users WHERE email='{$_POST['email']}'");

$do_email_check = mysql_num_rows($email_check);


//Now display errors


if($do_user_check > 1){

echo '<script type="text/javascript">alert(\'This username is already in use! \')</script>';

}

if($do_email_check > 1){

echo '<script type="text/javascript">alert(\'This email is already in use! \')</script>';
}       
}
echo '<script type="text/javascript">alert(\'Successfuly registrated! \')</script>';

}
?>

在您的 html 表单中,将变量名称保留为 uname、pwd、email

于 2013-05-14T12:29:30.897 回答
0

首先,您只需要保存哈希以确定密码是否输入正确,不要在数据库中保存纯密码。另外,如果您正在使用 PDO,请使用它,我的意思是

$stmt = $dbh->prepare("INSERT INTO users(username,hash,email) 
VALUES(:username,:hash,:email)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':hash', $hash);
$stmt->bindParam(':email', $email);
$stmt->execute();

同样奇怪的是您的哈希是“* 0”,也许您在数据库中将哈希字段的长度设置为 2?

于 2013-05-14T12:47:40.577 回答