我发布了我的问题
here,在我编辑帖子之前它已经关闭,因为这不是一个真正的问题!
我有一个这样的登录表单:
<html> <head> <title>Password Checking Script</title> </head> <body> <form action="check_user-pass.PHP" method="POST"> <h3>Please Login</h3> User Name: <input type="text" name="user_name"><br> Password: <input type="password" name="password"> <input type="submit" name="submit" value="Login!"> </form> </body> </html>
如您所见,此表单通过check_user-pass.PHP对用户进行身份验证.
它在我的数据库中查找这些凭据;如果它们存在,则返回OK,否则返回NO值.
所以我的问题是:我应该在check_user-pass.PHP中包含哪些代码?
我试图添加更多代码,但也不能这样做!我目前的代码是:
<?PHP ob_start(); $host=""; // Host name $username=""; // MysqL username $password=""; // MysqL password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select databse. MysqL_connect("$host","$username","$password") or die(MysqL_error()); echo "Connected to MysqL<br />"; MysqL_select_db("$db_name") or die(MysqL_error()); echo "Connected to Database<br />"; // Check $username and $password /* if(empty($_POST['username'])) { echo "UserName/Password is empty!"; return false; } if(empty($_POST['password'])) { echo "Password is empty!"; return false; } */ // Define $username and $password $username=$_POST['username']; $password=md5($_POST['pass']); // To protect MysqL injection (more detail about MysqL injection) $username = stripslashes($username); $password = stripslashes($password); $username = MysqL_real_escape_string($username); $password = MysqL_real_escape_string($password); $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; $result=MysqL_query($sql); // MysqL_num_row is counting table row $count=MysqL_num_rows($result); // If result matched $username and $password,table row must be 1 row if ($count==1) { echo "Success! $count"; } else { echo "Unsuccessful! $count"; } ob_end_flush(); ?>
您的表单中的名称是user_name,但在您的脚本中,您需要查找用户名
原文链接:/php/136998.html$username=$_POST['username'];
应该
$username=$_POST['user_name'];
编辑:
如果在将密码放入数据库之前使用crypt加密密码,请尝试使用此密码
$sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=MysqL_query($sql); // MysqL_num_row is counting table row $count=MysqL_num_rows($result); // If result matched $username and $password,table row must be 1 row if($count==1){ $row = MysqL_fetch_assoc($result); if (crypt($password,$row['password']) == $row['password']){ session_register("username"); session_register("password"); echo "Login Successful"; return true; } else { echo "Wrong Username or Password"; return false; } } else{ echo "Wrong Username or Password"; return false; }
编辑:
myBB似乎使用了大量的md5哈希密码,试试这个
$sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=MysqL_query($sql); // MysqL_num_row is counting table row $count=MysqL_num_rows($result); // If result matched $username and $password,table row must be 1 row if($count==1){ $row = MysqL_fetch_assoc($result); if (md5(md5($row['salt']).md5($password)) == $row['password']){ session_register("username"); session_register("password"); echo "Login Successful"; return true; } else { echo "Wrong Username or Password"; return false; } } else{ echo "Wrong Username or Password"; return false; }
此外,散列是一种方法,因此您无法获取数据库中已有的密码,您只需让用户更改/更新其密码即可.如果以上工作,那么你就不必关闭加密,一切都应该没问题.