-1

我正在尝试使用 MySQL 数据库中的用户名和密码通过 PHP 登录,该数据库保存用户 ID、用户名和 hashed_pa​​sswords(我之前使用注册表创建,md5 哈希的盐是:2155)。

问题是我无法获取未加密的密码以将其用于登录。

而且我不确定这是否是如何编码查询以根据用户输入从数据库中查找用户名和密码。

$sql = "SELECT * FROM user where username = '$_POST["username"]' AND password = '$_POST["password"]";
$rows = $conn->query($sql);

        if ($userID > 0){
                    echo "Hello World";
            header("Location: login_success.php");
        }

        else{
                        echo "Unsuccessful";
            header("Location: index.php");
        }
4

4 回答 4

0

Rather than using MD5 or trying to decrypt the password - as others here have suggested - simply use PHP's native password_hash() function which automatically checks if the password is correct for you.

Encrypt the password like this: 

$unencrypted_password = 'secret!'; 
$encrypted_password = password_hash($unencrypted_password,  PASSWORD_DEFAULT);

Then insert into your DB like so:

INSERT INTO users (encrypted_password, username) VALUES ($encrypted_password, $username);

When you want to check if the password is correct, select the password from the database with:

SELECT encrypted_password FROM users WHERE username = $username;

Finally, check that the password is correct by using passoword_verify():

$correct = password_verify($unecnrypted_password, $encrypted_password);
if($correct == true) {
    echo 'correct password!';
} else {
    echo 'password incorrect!';
}

Be careful to protect against SQL-injection, as the above code is vulnerable to it.

于 2015-04-30T08:31:08.077 回答
-1

在插入用户密码“apple”使用md5加密所以输出喜欢“gjdg$fdfjd”并存储在数据库中,在登录表单中你正在检查“apple”等于“gjdg$fdfjd”所以你得到验证错误来解决这个问题为用户密码验证添加相同的加密

 $sql = "SELECT * FROM user where username = '$_POST["username"]' AND password = 'md5($_POST["password"])";

但是如果不尝试诸如暴力破解之类的资源密集型、不实用且不道德的操作,就无法解密 MD5。所以使用一些像这样的加密和解密功能

function encrypt( $q ) {
    $cryptKey  = 'fdf';
    $qEncoded      = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), $q, MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ) );
    return( $qEncoded );
}

function decrypt( $q ) {
    $cryptKey  = 'fdf';
    $qDecoded      = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), base64_decode( $q ), MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ), "\0");
    return( $qDecoded );
}
于 2015-04-30T06:15:36.500 回答
-1

我是中文phper。你的代码有一些错误;用户在哪里写密码,你需要mad5(密码)

 

   $password = mad5($_post['password'])

$user = $_post['user'];
$sql = "select * from user where username = $user ";
$rows = $conn->query($sql);
if($rows['password'] ===$password  )
{
 echo "success";
 header("Location: login_success.php");
}else{
echo "unsuccessful";
header("Location: index.php");
}

于 2015-04-30T06:24:46.187 回答
-1

如果在表中插入用户记录时使用了md5加密,那么您的 SQL 将类似于:

$sql = "INSERT INTO `tblUsers` (`username`, `userpassword`) VALUES ('myusernameis', md5('mysecretpass'));";

这意味着当您检索该记录以进行身份​​验证(登录)时,您将使用以下内容:

$sql = "SELECT * FROM `tblUsers` WHERE `username` = 'myusernameis' AND `userpassword` = md5('mysecretpass') LIMIT 1;";
于 2015-04-30T05:50:11.357 回答