1
我設置了密碼md5加密的signup.php,它工作正常,當我在phpmyadmin檢查它,但是當我將md5應用到login.php它不符合密碼?它總是說密碼錯誤可能是語法,但不可能看着辦吧......md5密碼不匹配
signup.php
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br /><br />";
else
{
if (mysql_num_rows(queryMysql("SELECT * FROM members
WHERE user='$user'")))
$error = "That username already exists<br /><br />";
else
{
queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");
die("<h4>Account created</h4>Please Log in.<br /><br />");
}
}
}
的login.php
if(isset($_POST['user'])) {
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "") {
$error = "Not all fields were entered<br />";
} else {
$query = "SELECT user,pass FROM members WHERE user = '$user' AND pass = \'\".md5('$pass').\"\'";
if(mysql_num_rows(queryMysql($query)) == 0) {
$error = "<span class='error'>Username/Password invalid</span><br /><br />";
} else {
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='society.php?view=$user'>" .
"click here</a> to continue.<br /><br />");
}
}
}
有([單引號和雙PHP中引用的字符串]之間的差異http://www.php.net/manual/en/language .types.string.php)。 – Gumbo 2013-03-17 19:11:17
對於散列密碼,MD5被**破解**。 [見這篇文章](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords)。 – 2013-03-17 19:12:24
你在做什麼是非常危險的。如果你還沒有開始使用SQL注入,那麼你將被黑客攻擊。學習使用PDO或類似的準備/參數化查詢。 – Brad 2013-03-17 19:15:14