这是“注册成功”页面:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Successful</title>
</head>
<body>
<p>
<?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$name=$_POST['name'];
$age=$_POST['age'];
// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
$Salt = uniqid(); // Could use the second parameter to give it more entropy.
$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
$Rounds = '10000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
$hashed_password = crypt($_POST['password'], $CryptSalt);
// Insert a row of information into the table "example"
mysql_query("INSERT INTO example
(name, age, password) VALUES('$name', '$age', '$hashed_password' ) ")
or die(mysql_error());
echo "Data Inserted!";
?>
</p>
<p><a href="login.php">Click here to Login!</a></p>
</body>
</html>
这是登录检查页面:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Check</title>
</head>
<body>
<p>
<?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$name=$_POST['name'];
// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
$Salt = uniqid(); // Could use the second parameter to give it more entropy.
$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
$Rounds = '10000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
$hashed_password = crypt($_POST['password1'], $CryptString);
$result = mysql_query("SELECT * FROM example WHERE name = '$name'");
$row = mysql_fetch_array($result);
if($row["name"]==$name && crypt($row["password"], $hashed_password) == $hashed_password){
echo"Hello $name !!!";
}
else{
echo"Sorry, your credentials are not valid, Please try again.";
}
?>
</p>
</body>
</html>
问题是,当我尝试使用注册时使用的相同名称和密码登录时,我得到以下结果:
抱歉,您的凭据无效,请重试。
谁能告诉问题是什么?我的问题可能很愚蠢,但我是入门级程序员,我真的需要帮助。
提前非常感谢。
这是我在注册时保存盐并在登录时检索的修改后的代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Check</title>
</head>
<body>
<p>
<?php
// Make a MySQL Connection
mysql_connect("localhost", "userid", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$name=$_POST['name'];
// These only work for CRYPT_SHA512, but it should give you an idea of how crypt() works.
//$Salt = uniqid(); // Could use the second parameter to give it more entropy.
//$Algo = '6'; // This is CRYPT_SHA512 as shown on http://php.net/crypt
//$Rounds = '10000'; // The more, the more secure it is!
// This is the "salt" string we give to crypt().
//$CryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
$result = mysql_query("SELECT * FROM example WHERE name = '$name'");
$row = mysql_fetch_array($result);
$CryptSalt = $row["salt"];
$hashed_password = crypt($_POST['password1'], $CryptSalt);
if($row["name"]==$name && crypt($row["password"], $hashed_password) == $hashed_password){
echo"Hello $name !!!";
}
else{
echo"Sorry, your credentials are not valid, Please try again.";
}
?>
</p>
</body>
</html>