我有一个登记表,让用户输入密码,我使用隐窝散列密码不匹配
在寄存器形式它的工作讨论解决这个口令和密码散列和安全的数据库,但当它来登录密码不匹配,系统不会登录
任何人都可以帮助我?在register.php
散列密码
//crypt password
require_once('include/blowfish.php');
$bcrypt = new Bcrypt(4);
$hash = $bcrypt->hash($pass1);
echo $hash;
//************Insert all the members's input to the database**************************//
$query = mysql_query("INSERT INTO members(user_name, first_name, last_name,
governorate, district, village, birth_date, email_address, specialization,
password, registered_date)
VALUES('$username', '$firstname', '$lastname', '$governorate', '$district',
'$village', '$bdate', '$email', '$specialization', '$hash', now())")
or die(mysql_error());
在login.php中
$sql=mysql_query("SELECT user_id, email_address, first_name, user_name
FROM members
WHERE email_address='$email'AND password= '$pass'
LIMIT 1") or die("error in members table");
$login_check = mysql_num_rows($sql);
if($login_check > 0)
{
$row = mysql_fetch_array($sql);
$row_pass = $row['password'];
//***********for hashing password***************************//
require_once('include/blowfish.php');
$bcrypt = new Bcrypt(4);
if($bcrypt->verify($pass, $row_pass))
{
$id = $row['user_id'];
$_SESSION['user_id'] = $id;
$firstname = $row['first_name'];
$_SESSION['first_name']= $firstname;
$email = $row['email_address'];
$_SESSION['email_address']= $email;
$username = $row['user_name'];
$_SESSION['user_name']= $username;
mysql_query("UPDATE members SET last_log_date=now()
WHERE user_id='$id'");
//$message = "correct email and passworddd!!";
header("Location: profile.php");
// exit();
}//close if
}//close if
else
{
$message = "incorrect Email or Password!!";
//exit();
}
不要多次提问相同的问题。 – Gumbo
你已经得到答案,试着理解并应用它们! – deceze
@ deceze问题是,我认为它是正确的,但它不是,我不知道如何解决,所以我来问问题去了解并理解 – user2398286