1. 首页
  2. 问答
  3. html php mysql登录正确,但显示它的错误

html php mysql登录正确,但显示它的错误

2017-06-18 94 views
-2

我有一段代码检查以确保您尝试登录的帐户实际存在并位于数据库中。但是,当我用测试帐户测试它时,当我尝试登录时(即使它正确并在数据库上),它说它不是。html php mysql登录正确,但显示它的错误

// login 

if (isset($_POST[login])){ 

    $username=mysqli_real_escape_string($db,$_POST['username']); 
    $password=mysqli_real_escape_string($db,$_POST['password']); 

    // ensure that form is filled right 

    if (empty($username)){ 
     array_push($errors,"include username"); 
    } 

    if (empty($password)){ 
     array_push($errors,"include password"); 
    } 

    if (count($errors) == 0) { 
     $password = md5($password); 
     $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'"; 
     $result = mysqli_query($db,$query); 

     if (mysqli_num_rows($result) == 1){ 
      $_SESSION['username'] = $username; 
      $_SESSION['success'] = "Hi you are now in"; 
      header('location: index.php'); 
     } else { 
      array_push($errors,"username or password are wrong"); 
      //header('location: login.php'); 
     } 
    } 

}

有人可以告诉我它有什么问题吗? 谢谢。

编辑:

它通过注册页面中插入数据:

$username = ""; 

$email = ""; 

$errors = array(); 


// connect to the database 
$db = mysqli_connect('localhost', 'wildeart_am','test', 'wildeart_register'); 
    // if the register button is clicked 

if (isset($_POST[register])) { 

$username=mysqli_real_escape_string($db,$_POST['username']); 

$email=mysqli_real_escape_string($db,$_POST['email']); 

$password=mysqli_real_escape_string($db,$_POST['password']); 
    $confirmpassword=mysqli_real_escape_string($db,$_POST['cpassword']); 

// ensure that form is filled right 

if (empty($username)){ 
    array_push($errors,"include username"); 
} 

if (empty($email)){ 
    array_push($errors,"include email"); 
} 

if (empty($password)){ 
    array_push($errors,"include password"); 
} 

if($password != $confirmpassword){ 
    array_push($errors,"The two passwords must match"); 
} 

// register 

if(count($errors) == 0){ 
    $password = md5($password); 
    $sql = "INSERT INTO users (username, email, password) 
        VALUES ('$username', '$email','$password')"; 
    mysqli_query($db, $sql); 

    $_SESSION['username'] = $username; 
    $_SESSION['success'] = "Hi you are now in"; 
    header('location: index.php'); 
} 
}

编辑2:

要尝试和MD5解决密码哈希密码哈希我所做的:

if(count($errors) == 0) { 

    $password = password_hash($password, PASSWORD_BCRYPT, $options); 
    $query = "SELECT * FROM users WHERE username = '$username'"; 
    $result = mysqli_query($db,$query); 
    $row=mysqli_fetch_row($result); 
    $verify=password_verify($_POST['password'],$row[1]); 

    if($verify){ 

     $_SESSION['username'] = $username; 
     $_SESSION['success'] = "Hi you are now in"; 
     header('location: index.php'); 

    }else{ 
     array_push($errors,"username or password are wrong"); 
     //header('location: login.php'); 
    }

但它似乎仍然没有工作。

来源

2017-06-18 Hellohowareyou

+0

不应该'$ _ POST [登录]'是'$ _ POST [“登录”]'呢? – Mihailo

+4

**不要存储由md5散列的密码!** PHP提供['password_hash()'](https://php.net/manual/en/function.password-hash.php)和['password_verify()'] (https://php.net/manual/en/function.password-verify.php)请使用它们。如果您使用的是5.5以前的PHP版本[这里有一个兼容包](https://github.com/ircmaxell/password_compat)。确保你[**不要转义密码**](https://stackoverflow.com/q/36628418/5914775)或在哈希之前使用其他任何清理机制。这样做会更改密码并导致不必要的附加编码。 –

+0

@Mihailo PHP实际上会自行解决它,但会发出警告。 – Qirel

回答

0

回答

我忘了将它与原始密码进行比较。现在它工作正常。 非常感谢你们每个试图帮助我解决这个问题

$passwordh = password_hash($password, PASSWORD_BCRYPT, $options); 
    $query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'"; 
    $result = mysqli_query($db,$query); 
    $verify=password_verify($_POST['password'],$passwordh);

来源

2017-06-18 15:35:51 Hellohowareyou

相关问题

 相关问题