我已經在我的login.php文件下面的代碼:登錄與哈希密碼PHP
<?php
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "complete fields!";
} else {
$username = $_POST['username'];
$password = $_POST['password'];
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("simozar", $connection);
$query = mysql_query("select * from admin where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $username;
header("location: admin/index.php");
} else {
$error = "wrong user or pass.";
}
mysql_close($connection);
}
}
?>
我沒有任何的註冊頁面,這是管理員登錄頁面,我在數據庫中手動設置的用戶名和密碼。
我試圖在PHP我的管理數據庫表編輯選項哈希密碼,我的密碼是'aminhd'和哈希通過phpmyadmin密碼哈希'* CCF10A8709AE3EF3D868CA4581B33BAF44D1AD1F'(該圖片buttom)。
如何在使用此密碼(aminhd)登錄頁面?
這IMG:https://i.stack.imgur.com/iz4xN.png
哇哇,你的網站會被黑客攻擊......儘快閱讀關於sql注入的內容: –
@DavidConstantine我是新的PHP開發者。什麼是好的?是PDO更好?還是MySQLi過程 – emen
** [您的腳本存在SQL注入攻擊風險](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) **。瞭解[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)的[Prepared Statements](準備語句)(http://en.wikipedia.org/wiki/Prepared_statement)。即使** [轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)**是不安全的!使用'PDO'或'mysqli_ *'。爲了幫助,[這篇文章將有助於選擇你最好的選擇](http://php.net/manual/en/mysqlinfo.api.choosing.php)。 – GrumpyCrouton