1. 首頁
  2. 問答
  3. PHP錯誤 - 登錄/註冊腳本

PHP錯誤 - 登錄/註冊腳本

2012-09-30 185 views
2

用戶註冊頁面正常工作,這意味着鹽和哈希密碼被正確保存在數據庫中。登錄報告無效的用戶名/密碼。如果有問題,我將salt和密碼設置爲數據庫中的varchar(64)。PHP錯誤 - 登錄/註冊腳本

我只是不能發現它爲什麼不起作用。我想相信這個錯誤是在$ query或$ count變量中。

註冊:

<?php 
include('config.php'); 
#Setup Credentials 
$uname = mysql_real_escape_string($_POST['uname']); 
$escapedPW = mysql_real_escape_string($_POST['pass']); 
$email = mysql_real_escape_string($_POST['email']); 
#Salt Credentials 
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
$saltedPW = $escapedPW . $salt; 
$hashedPW = hash('sha256', $saltedPW); 
#checks and queries 
$usercheck = mysql_query("SELECT * FROM users WHERE username = '$uname'"); 
$emailcheck = mysql_query("SELECT * FROM users WHERE email = '$email'"); 
$count = mysql_num_rows($usercheck); 
$count2 = mysql_num_rows($emailcheck); 
$query = "INSERT INTO users (username, password, email, salt) VALUES ('$uname', '$hashedPW', '$email', '$salt')"; 
$error = ""; 

if(isset($_POST['submit'])){ 
    if(empty($_POST['uname']) || empty($_POST['pass']) || empty($_POST['email'])){ 
     echo 'A field is empty!';}  
    else{ 
      if($count != 0){$error = 'Username is already registered.';} 
      elseif ($count2 != 0) {$error = 'Email is already registered.';} 
       else{ mysql_query($query);} 
    } 
} 
?>

登錄:

<?php 
include("config.php"); 
if (isset($_POST['submit'])) { 
    if (!$_POST['username'] | !$_POST['password']) { 
    die('You did not complete all of the required fields'); 
    } 
else{ 
    $username = mysql_real_escape_string($_POST['username']); 
    $escapedPW = mysql_real_escape_string($_POST['password']); 

    $saltquery = "SELECT salt FROM users WHERE username = '$username';"; 
    $result = mysql_query($saltquery); 

    $row = mysql_fetch_assoc($result); 
    $salt = $row['salt']; 

    $saltedPW = $escapedPW . $salt; 

    $hashedPW = hash('sha256', $saltedPW); 

    $query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
    $count = mysql_num_rows($query); 

    if($count == 0){ 
     header("location:index.php?status=1"); 
    } 
     else { 
       // store cookie $myusername, $mypassword and redirect to index 
     session_start(); 
     $_SESSION['username'] = $username; 
     $_SESSION['password'] = $hashedPW; 
     setcookie('username', $username, time()+60 * 60 * 4, '/', 'www.site90.net'); 
     setcookie('password', $hashedPW, time()+60 * 60 * 4, '/', 'www.site90.net'); 
     header("location:index.php"); 
    } 
}} 
?>

來源

2012-09-30 Query

+2

echo $ query,是否與db中的值相同? – 2012-09-30 23:36:26

+0

請勿將varchar()用於您的加密密碼等二進制數據。 varchar受制於字符轉換規則。加密的數據必須與它進入的相同,爲此,您需要一個blob或varbinary類型。 –

+0

@Dagon - 是的,查詢返回正確的信息。註釋掉重定向給了我這個警告:mysql_num_rows():提供的參數不是第22行中的/home/a5382697/public_html/login.php中有效的MySQL結果資源 – Query

回答

1

的問題是這些:

$query = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
$count = mysql_num_rows($query);

他們應該是:

$sql = "SELECT * FROM users WHERE username = '$username' and password = '$hashedPW';"; 
$query = mysql_query($sql); 
$count = mysql_num_rows($query);

mysql_num_rows()期望參數是資源而不是字符串: http://php.net/manual/en/function.mysql-num-rows.php

來源

2012-10-01 01:31:52

相關問題

 相關問題