无法与数据库中的 md5 密码进行比较 - Cannot Compare with md5 password from database

Cannot Compare with md5 password from database

本文关键字：密码比较 md5 数据库 | 更新日期: 2023-09-27

$password_unencrypted = $_POST['passwd'];
$password=md5($password_unencrypted);
$query = "INSERT INTO Customers (firstname, lastname, username, password, " .     "gender,mobile,email) " .     "VALUES ('$first_name', '$last_name', '$user_name', '$password', " .     " '$gender','$mobile','$email')";

$username=$_POST['username'];
$password=md5($_POST['password']); 
 $sql = ("select * from Customers where username='".$username."' and password='".$password."'") or die('Error connecting to MySQL server.');
     $query = mysqli_query($con,$sql);
     $result=mysqli_fetch_row($query);

         if($result)
         {             
           $_SESSION['username']=$username;
           header('location:home.html');           
         }
         else
         {
             echo md5($_POST['password']);
             echo 'Your entered username or password is incorrect';
         }

在上面的注册和登录代码中，我正在应用 md5 进行密码存储

我在数据库中签入了md5密码正确存储但无法正确检索（我认为）

尝试登录页面失败

仅供参考：echo md5（$_POST["密码"]）;在登录中.php显示存储在数据库中的相同密码

这是

修复您的登录.php代码

的方法

您完全检查错误，您需要首先检查查询是否成功运行，然后检查返回的行是否大于 0，这意味着用户名正确，我们继续密码检查是否一切正常，我们开始会话假设您在页面顶部有 session_start（）如果没有在$_SESSION['username'] = $username;之前添加它查看手册以了解password_hash()和password_verify()

在注册时.php修改将密码保存到数据库中 $password = md5($_POST['password']);到$password = password_hash($_POST['password'], PASSWORD_DEFAULT);

    <?php
if isset($_POST['submit']) {
$username= mysqli_real_escape_string($con, trim($_POST['username']));
$password = trim($_POST['password']); // no need to sanitize the password 
 $sql = "select * from Customers where username = '" .$username."' "; // you don't need or Die() it's just a string
     if ($result = mysqli_query($con,$sql)) //check if the Query succeeded running
     {
     $count = mysqli_num_rows($result);
         if($count > 0 ) 
         { // if username exists we proceed to checking password
        $fetch = mysqli_fetch_assoc($result);
        $hashedpassword = $fetch["password"];
            if ( password_verify($password, $hashedpassword) ) 
            {  //checking password  
           $_SESSION['username']=$username;
           header('location:home.html'); 
            exit;
            }else {
                    echo "incorrect username or password"; // you don't want to tell him that the username is fine but the password is not correct 
             }                      
            } else {
             echo "incorrect username or password";
         }       
     } else {
             echo 'Query failed to run';
         }
}            
?>