0
我想存储和查询密码哈希用户登录和注册是一样的Joomla(2.5),存储和使用相同的哈希作为的Joomla
例如这里:
目前我有这样的代码作为登录:
<?php
$page_title = 'Login';
include ('template/header.php');
require_once ('inc/db.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Validate the email address:
if (!empty($_POST['email'])) {
$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
$e = FALSE;
echo '<div class="alert alert-danger" id="alerta1">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No ingresaste tu email</p></center>
</div>';
}
// Validate the password:
if (!empty($_POST['password'])) {
$p = mysqli_real_escape_string ($dbc, $_POST['password']);
} else {
$p = FALSE;
echo '<div class="alert alert-danger" id="alerta2">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No ingresaste tu contraseña</p></center>
</div>';
}
if ($e && $p) { // If everything's OK.
// Query the database:
$q = "SELECT user_id, nombre, user_level FROM users WHERE (email='$e' AND password=md5('$p')) AND active = 1";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (@mysqli_num_rows($r) == 1) { // A match was made.
// Register the values:
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
mysqli_free_result($r);
mysqli_close($dbc);
// Redirect the user:
//$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: ads.php?welcome");
exit();
} else { // No match was made.
echo '<div class="alert alert-danger" id="alerta3">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Tu email y contraseña no figuran en sistema o tu cuenta aun no esta activada</p></center>
</div>';
}
} else { // If everything wasn't OK.
echo '<div class="alert alert-danger" id="alerta4">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor intentalo nuevamente</p></center>
</div>';
}
mysqli_close($dbc);
}
和注册:
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.
// Need the database connection:
require ('inc/db.php');
// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);
// Assume invalid values:
$no = $ap = $e = $p = FALSE;
// Check for a first name:
if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['nombre'])) {
$no = mysqli_real_escape_string ($dbc, $trimmed['nombre']);
} else {
echo '<div class="alert alert-danger" id="alerta1">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa tu nombre</p></center>
</div>';
}
// Check for a last name:
if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['apellido'])) {
$ap = mysqli_real_escape_string ($dbc, $trimmed['apellido']);
} else {
echo '<div class="alert alert-danger" id="alerta2">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa tu apellido</p></center>
</div>';
}
// Check for an email address:
if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
$e = mysqli_real_escape_string ($dbc, $trimmed['email']);
} else {
echo '<div class="alert alert-danger" id="alerta3">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa una direccion valida de email</p></center>
</div>';
}
// Check for a password and match against the confirmed password:
if (preg_match ('/^\w{4,20}$/', $trimmed['pass1'])) {
if ($trimmed['pass1'] == $trimmed['pass2']) {
$p = mysqli_real_escape_string ($dbc, $trimmed['pass1']);
} else {
echo '<div class="alert alert-danger" id="alerta4">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Las contraseñas no coinciden</p></center>
</div>';
}
} else {
echo '<div class="alert alert-danger" id="alerta5">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Ingresar contraseña válida</p></center>
</div>';
}
if ($no && $ap && $e && $p) { // If everything's OK...
// Make sure the email address is available:
$q = "SELECT user_id FROM users WHERE email='$e'";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (mysqli_num_rows($r) == 0) { // Available.
// Create the activation code:
$a = md5(uniqid(rand(), true));
// Add the user to the database:
$q = "INSERT INTO users (email, password, nombre, apellido, active, fecha_registro) VALUES ('$e', md5('$p'), '$no', '$ap', '$a', NOW())";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
// Send the email:
include ('template/mail_registro.php');
// Finish the page:
header("Location: registro_ok.php");
exit(); // Quit the script.
} else { // If it did not run OK.
echo '<div class="alert alert-danger" id="alerta6">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No has podido registrarte debido a un error en nuestro sistema. En breve lo solucionaremos</p></center>
</div>';
}
} else { // The email address is not available.
echo '<div class="alert alert-danger" id="alerta7">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>La direccion de email ya se encuentra registrada. Olvidaste tu contraseña?</p></center>
</div>';
}
} else { // If one of the data tests failed.
echo '<div class="alert alert-danger" id="alerta8">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Intentalo nuevamente</p></center>
</div>';
}
mysqli_close($dbc);
} // End of the main Submit conditional.