-1
我發現這個forum thread做一個登錄和註冊系統,但它不檢查密碼是否正確,只有用戶名。PHP登錄不檢查密碼
這是我的登錄頁面代碼:
<?php
include('config.php');
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
$emailusername = mysqli_real_escape_string($obj->conn,$_POST['emailusername']);
$password = mysqli_real_escape_string($obj->conn,$_POST['password']);
$password = md5($password);
$sql="SELECT uid FROM users WHERE username='$emailusername' or email = '$emailusername' and password='$password'";
$result=mysqli_query($obj->conn,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$active=$row['active'];
$count=mysqli_num_rows($result);
// If result matched $username and $username, table row must be 1 row
if($count==1)
{
$_SESSION['login_user'] = $emailusername;
header("location: index.php");
}
else
{
$error="<div style ='color:#c53131'>Your Login Name or Password is invalid</div>";
}
}
?>
</div>
<form class="fl" action="login.php" method="post">
<label>Username:</label><br/>
<input type="text" name="emailusername"/><br />
<br/>
<label>Password:</label><br/>
<input type="password" name="password"/>
<input type="submit" value=" Submit "/><br />
</form>
這是我使用的表格:
"uid INT(11) PRIMARY KEY AUTO_INCREMENT,".
"username VARCHAR(30) UNIQUE,".
"password VARCHAR(50),".
"name VARCHAR(100),".
"email VARCHAR(70) UNIQUE); ";
我新的PHP和不知道如何使它檢查,如果密碼是正確還是不正確。有什麼建議麼?
http://php.net/manual/en/function.password-verify.php – Trilarion
停止。即使你得到這個工作:這是原始代碼,所以你應該投資於這個問題是值得懷疑的。這裏有一些問題,但有一點真的會突然出現:「密碼永遠不應該存儲在數據庫中」。這是沒有理由的,你只是通過這個創造了一個巨大的安全問題。 – arkascha
您是否聽說過運營商優先級? – Neil