<?php
if(isset($_POST['login'])) {
$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('db') or die("cannot select DB");
$pass = $_POST['pass'];
$user = $_POST['user'];
$encryptedpass = hash('whirlpool', $pass);
$query=mysql_query("SELECT * FROM players WHERE user='".$user."' AND pass='".$encryptedpass."'");
$numrows=mysql_num_rows($query);
echo("$encryptedpass");
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['user'];
$dbpassword=$row['pass'];
}
if($user == $dbusername && $encryptedpass == $dbpassword)
{
echo("logged in");
session_start();
$_SESSION['sess_user']=$user;
header("Location: settings.php");
} else
echo "Invalid username or password!";
}
}
?>
哈希回显正常工作,尽管用户&Pass是正确的,它说无效密码....帮助太好了!
编辑:这很奇怪…当我输入错误的密码时,无效密码不显示…多么奇怪的不确定错误是什么,但下面(基本相同)工作正常。确保你的post值实际上是被传递的,并且添加or die(mysql_error())将告诉你是否在你的sql中有任何错误。
另外,您应该转义字符串(如果不使用预处理语句)
if(isset($_POST['login'])) {
/* Do connection */
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);
$encrypted = hash('whirlpool', $pass);
$q = mysql_query("SELECT id FROM players WHERE user = '".$user."' AND pass = '".$encrypted."'",$server)or die(mysql_error());
if(mysql_num_rows($q)>0) {
/* Login approved */
$row = mysql_fetch_array($q);
print $row['id'];
}else{
/* Could not login */
}
}