所以基本上我在我的注册表单中加密了密码,如下所示:
$query = "INSERT INTO users(first_name, last_name, email, password,
username) VALUES ('$fn', '$ln', '$em', SHA('$pw1'), '$un')";
现在密码是散列的,但是当我尝试在我的登录脚本中使用它时它不想工作并且函数 mysql_num_rows 返回 0。
<?php
ob_start();
//If login button is pressed
if(isset($_POST['submitted'])){
//Username clean up
if(preg_match('%^[a-zA-Z0-9_-]{6,20}$%', stripslashes(trim($_POST['username'])))){
$u = escape_data($_POST['username']);
} else {
$u = FALSE;
echo '<p><font color="red" size="+1">Please enter valid username</font></p>';
}
//Password clean up
if(preg_match('%^[a-zA-Z0-9_-]{6,20}$%', stripslashes(trim($_POST['password'])))){
$p = escape_data($_POST['password']);
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">Please enter valid password</font></p>';
}
//Check if both matched
if($u && $p){
$query = "SELECT * FROM users WHERE username='$u' AND password=SHA('$p')";
$result = mysql_query($query);
$count = mysql_num_rows($result);
$row = mysql_fetch_array($result, MYSQL_NUM);
if($count != 0){
$_SESSION['username'] = $row[1];
$_SESSION['password'] = $row[3];
header("Location: login_confirmed.php");
} else {
echo "Wrong username or password!";
}
}
}
ob_end_flush();
?>