UPDATE(solved):之前我将密码长度设置为15个字符,因为密码被加密为md5,所以应该是32个字符。现在它运行良好。谢谢你的回答和建议。
下面是注册php代码。代码工作良好,能够在数据库中存储md5密码。
<html>
<?php
error_reporting(0);
if($_POST['submit'])
{
$name = mysql_real_escape_string($_POST['name']);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password1 = mysql_real_escape_string($_POST['password1']);
$enc_password = md5($password);
if($name && $username && $password && $password1)
{
if(strlen($name)<30)
{
if(strlen($username)<10)
{
if(strlen($password)<15 || strlen($password)>6)
{
if($password == $password1)
{
require "dbc.php";
$query = mysql_query("INSERT INTO users VALUES ('$name','$username','$enc_password')");
echo "Registration Complete! <a href='index.php'>Click here to login</a>";
}
else
{
echo "Passwords must match";
}
}
else
{
echo "Your password must be between 6 and 15 characters";
}
}
else
{
echo "Your username is too long";
}
}
else
{
echo "Your name is too long";
}
}
else
{
echo "All fields are required";
}
}
?>
<form action="register.php" method="POST">
Name: <input type="text" name="name" value="<?php echo "$name"; ?>"> Max Length:30<p>
Username: <input type="text" name="username" value="<?php echo "$username"; ?>"> Max Length:10<p>
Password: <input type="password" name="password"> Max length:15<p>
Re-Enter Password: <input type="password" name="password1"><p>
<input type="submit" name="submit" value="Register">
</form>
<input type="button" value="<< Back to Login Area" onclick="window.location='../login%20and%20registration/members.php'">
</html>
下面是登录php代码。
<?php
session_start();
require "dbc.php";
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$enc_password = md5($password);
if($username&&$password)
{
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow!=0)
{
while($row = mysql_fetch_assoc($query))
{
$db_username = $row['username'];
$db_password = $row['password'];
}
if($username==$db_username&&$password==$db_password)
{
//echo "Logged in <a href='members.php'>Click here to enter the members area</a>";
$_SESSION['username']=$db_username;
header("location: members.php");
}
else
{
header("location: index.php?error=Incorrect Password");
}
}
else
{
header("location: index.php?error=That user doesn't exist");
}
}
else
{
header("location: index.php?error=All fields are required");
}
?>
问题是当我尝试登录时,我一直得到"不正确的密码"。我想从数据库中找回密码有点问题。有人能帮忙吗?
您需要使用$enc_password代替$password:
if($username==$db_username&&$password==$db_password)
注:此外,如果你使用md5,那么不要做mysql_real_escape_string(), md5将改变你的字符串,所有的注入将被删除。
P.P.S.使用PDO代替mysql_*
用户名必须是不区分大小写所以最好这样做:
if(strcasecmp($username, $db_username)===0 && $password==$db_password)
strcasecmp
change
if($username==$db_username&&$password==$db_password)
if($username == $db_username && $enc_password == $db_password)
您使用的是$password,但它应该是$enc_password
你正在比较$password和$db_password,而你应该比较$enc_password和$db_password。
if($username==$db_username&&$enc_password==$db_password)
在你的情况下,你应该这样比较
$password = md5($password);//change value entered of password to md5
if($username==$db_username&&$password==$db_password)