下面的代碼來自用PHP編寫的登錄腳本。它檢查密碼的數據庫使用MD5加密密碼,但是當登錄腳本針對數據庫檢查密碼時,它將檢查未加密的原始密碼。我熟悉的MD5()函數,但我會如何將此主題融入如下:如何使用PHP對MD5加密此密碼?
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$connect = mysql_connect("host", "user", "password") or die("Couldn't connect");
mysql_select_db("dbname") or die("Couldn't find the database");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username == $dbusername && $password == $dbpassword) {
echo "You're in! Click <a href='../member.php'>here</a> to enter the member page.";
$_SESSION['username'] = $username;
}else{
echo "Incorrect password";
}
}else{
die("That username does not exist.");
}
}else{
die("Please enter a valid username and password.");
}
?>
將'$ password == $ dbpassword'改爲'md5($ password)== $ dbpassword'應該可以。 –
您的代碼容易受到着名的SQL注入攻擊。 – Zaffy
仍然在使用mysql_escape_real_string()的東西,以及 – user1710563