我已经在我的login.php文件下面的代码:登录与哈希密码PHP
<?php
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "complete fields!";
} else {
$username = $_POST['username'];
$password = $_POST['password'];
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("simozar", $connection);
$query = mysql_query("select * from admin where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $username;
header("location: admin/index.php");
} else {
$error = "wrong user or pass.";
}
mysql_close($connection);
}
}
?>
我没有任何的注册页面,这是管理员登录页面,我在数据库中手动设置的用户名和密码。
我试图在PHP我的管理数据库表编辑选项哈希密码,我的密码是'aminhd'和哈希通过phpmyadmin密码哈希'* CCF10A8709AE3EF3D868CA4581B33BAF44D1AD1F'(该图片buttom)。
如何在使用此密码(aminhd)登录页面?
这IMG:https://i.stack.imgur.com/iz4xN.png
哇哇,你的网站会被黑客攻击......尽快阅读关于sql注入的内容: –
@DavidConstantine我是新的PHP开发者。什么是好的?是PDO更好?还是MySQLi过程 – emen
** [您的脚本存在SQL注入攻击风险](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) **。了解[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)的[Prepared Statements](准备语句)(http://en.wikipedia.org/wiki/Prepared_statement)。即使** [转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)**是不安全的!使用'PDO'或'mysqli_ *'。为了帮助,[这篇文章将有助于选择你最好的选择](http://php.net/manual/en/mysqlinfo.api.choosing.php)。 – GrumpyCrouton