我设置了密码md5加密的signup.php,它工作正常,当我在phpmyadmin检查它,但是当我将md5应用到login.php它不符合密码?它总是说密码错误可能是语法,但不可能看着办吧......md5密码不匹配
signup.php
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br /><br />";
else
{
if (mysql_num_rows(queryMysql("SELECT * FROM members
WHERE user='$user'")))
$error = "That username already exists<br /><br />";
else
{
queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");
die("<h4>Account created</h4>Please Log in.<br /><br />");
}
}
}
的login.php
if(isset($_POST['user'])) {
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "") {
$error = "Not all fields were entered<br />";
} else {
$query = "SELECT user,pass FROM members WHERE user = '$user' AND pass = \'\".md5('$pass').\"\'";
if(mysql_num_rows(queryMysql($query)) == 0) {
$error = "<span class='error'>Username/Password invalid</span><br /><br />";
} else {
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='society.php?view=$user'>" .
"click here</a> to continue.<br /><br />");
}
}
}
有([单引号和双PHP中引用的字符串]之间的差异http://www.php.net/manual/en/language .types.string.php)。 – Gumbo 2013-03-17 19:11:17
对于散列密码,MD5被**破解**。 [见这篇文章](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords)。 – 2013-03-17 19:12:24
你在做什么是非常危险的。如果你还没有开始使用SQL注入,那么你将被黑客攻击。学习使用PDO或类似的准备/参数化查询。 – Brad 2013-03-17 19:15:14