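The MD5 is posted to the database from the registration page, so I know that part works, but nothing I try here lets me log in; it just keeps telling me the password is wrong.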
<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["user_name"]) ) {
    $user = mysql_real_escape_string($_POST["user_name"]);
    $pass_word = mysql_real_escape_string(md5($_POST["pass_word"]));
    $pass_word=md5($pass_word);
    // Connect to the MySQL database
    include "../connect_to_mysql.php";
    $sql = mysql_query("SELECT m_id FROM member WHERE user_name='$user' AND pass_word='$pass_word' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
        while($row = mysql_fetch_array($sql)){
            $id = $row["m_id"];
        }
        $_SESSION["m_id"] = $id;
        $_SESSION["user"] = $user;
        $_SESSION["pass_word"] = $pass_word;
        header("location: ../../index.php");
        exit();
    } else {
        echo 'That information is incorrect, try again <a href="member_login.php">Click Here</a>';
        exit();
    }
}
?>
You are running MD5 on your password twice.
$pass_word = mysql_real_escape_string(md5($_POST["pass_word"]));
$pass_word = md5($pass_word);
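Also, don't use MD5; it is completely insecure. Take a look at bcrypt, which is secure and easy to implement in PHP. Replacing MD5 with this line of code will make your password hashes secure. It is best to add some salt; a salt is a random string. It will make your passwords almost impossible to crack.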
$hash = password_hash($password . $salt, PASSWORD_BCRYPT);
From
$pass_word = mysql_real_escape_string(md5($_POST["pass_word"]));
$pass_word=md5($pass_word);
$pass_word=md5($_POST["pass_word"]);
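
The following is an added example, not code from the thread or its participants. It shows why the double md5() in the question never matches the single-MD5 value stored at registration, and a login check built on password_verify() that upgrades legacy MD5 rows to bcrypt on the next successful login. The $member array, the sample password and the verify_login() name are constructed for illustration; password_hash() generates and embeds its own random salt.

```php
<?php
// Added example, not code from the thread. $member stands in for one row
// of the `member` table; all values are constructed for illustration.
$password = 'correct horse battery';

// Registration stored a single MD5 of the password.
$member = ['m_id' => 7, 'user_name' => 'alice', 'pass_word' => md5($password)];

// The login in the question hashes the input twice, so its value differs
// from the stored one; a single md5() is what matches the stored row.
$loginAsPosted = hash_equals($member['pass_word'], md5(md5($password)));
$loginSingle   = hash_equals($member['pass_word'], md5($password));

// Check an attempt against the stored hash. A legacy 32-hex-digit MD5 row
// is accepted once and replaced with a bcrypt hash on successful login.
function verify_login(array &$member, string $attempt): bool
{
    $stored = $member['pass_word'];
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($attempt))) {
            return false;
        }
        // password_hash() creates its own random salt and embeds it in
        // the 60-character result, so the column must hold 60+ chars.
        $member['pass_word'] = password_hash($attempt, PASSWORD_BCRYPT);
        return true;
    }
    if (!password_verify($attempt, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        $member['pass_word'] = password_hash($attempt, PASSWORD_BCRYPT);
    }
    return true;
}

var_dump($loginAsPosted, $loginSingle);
var_dump(verify_login($member, $password));         // legacy row, upgraded
var_dump(verify_login($member, $password));         // now checked by bcrypt
var_dump(verify_login($member, 'wrong password'));
var_dump(password_get_info($member['pass_word'])['algoName']);
```

In a real login handler the updated hash would be written back to the member row, and the user lookup would use a parameterized query rather than string interpolation.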