Php session、header 和密码哈希值
Php session, header, and password hash values
我目前正在测试 md5 是否以明文形式存储密码。
我正在处理 2 个文件,第一个文件注册用户并将密码的 md5 插入数据库。
第二个文件是 login.php,我在其中尝试用户登录,将键入的密码的哈希值与存储的密码的哈希值进行比较,
在测试这 2 个值与 echo 相等之后,header 重定向不起作用,这是我的 login.php 代码,如果有人可以给我一些提示:
<?php
include("../config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sqlx = "SELECT passcode FROM jdashboard WHERE username = '".$myusername."'";
$resultx = mysqli_query($db,$sqlx);
$rowx = mysqli_fetch_array($resultx,MYSQLI_ASSOC);
$storedpass=$rowx['passcode'];
$enc_password = md5($mypassword);
/*echo $enc_password;
echo "<br>";
echo $storedpass;*/
/*
$compare=strcmp($string1,$string2);
*/
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$admin=0;
//session_register("myusername");
$_SESSION['myusername'] = 'myusername';
$sql = "SELECT admin FROM jdashboard WHERE username = '".$myusername."'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$admin= $row['admin'];
$_SESSION['login_user'] = $myusername;
if ($admin=='1'){
header("location: welcome.php");
}
else if ($admin=='0' && $storedpass == $enc_password){
header("location: https://one.potentiallead.com/dshb/usr");
}
else {
$error = "Your Login Name or Password is invalid";
} }
}
?>
提前致谢!
这里你的代码有误
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
你应该比较 $enc_password 而不是 $mypassword,所以正确的查询应该是这样的。
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$enc_password'";
无论如何,你不应该使用md5作为加密密码双重安全问题,我建议你可以使用Bcrypt PHP Class代替
希望对您有所帮助。
我目前正在测试 md5 是否以明文形式存储密码。 我正在处理 2 个文件,第一个文件注册用户并将密码的 md5 插入数据库。 第二个文件是 login.php,我在其中尝试用户登录,将键入的密码的哈希值与存储的密码的哈希值进行比较, 在测试这 2 个值与 echo 相等之后,header 重定向不起作用,这是我的 login.php 代码,如果有人可以给我一些提示:
<?php
include("../config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sqlx = "SELECT passcode FROM jdashboard WHERE username = '".$myusername."'";
$resultx = mysqli_query($db,$sqlx);
$rowx = mysqli_fetch_array($resultx,MYSQLI_ASSOC);
$storedpass=$rowx['passcode'];
$enc_password = md5($mypassword);
/*echo $enc_password;
echo "<br>";
echo $storedpass;*/
/*
$compare=strcmp($string1,$string2);
*/
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$admin=0;
//session_register("myusername");
$_SESSION['myusername'] = 'myusername';
$sql = "SELECT admin FROM jdashboard WHERE username = '".$myusername."'";
$result = mysqli_query($db,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$admin= $row['admin'];
$_SESSION['login_user'] = $myusername;
if ($admin=='1'){
header("location: welcome.php");
}
else if ($admin=='0' && $storedpass == $enc_password){
header("location: https://one.potentiallead.com/dshb/usr");
}
else {
$error = "Your Login Name or Password is invalid";
} }
}
?>
提前致谢!
这里你的代码有误
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$mypassword'";
你应该比较 $enc_password 而不是 $mypassword,所以正确的查询应该是这样的。
$sql = "SELECT id FROM jdashboard WHERE username = '$myusername' and passcode = '$enc_password'";
无论如何,你不应该使用md5作为加密密码双重安全问题,我建议你可以使用Bcrypt PHP Class代替
希望对您有所帮助。