md5密码确认失败
md5 password confirmation failing
是的,我知道 md5 不是一个好的选择,我应该使用 password_hash(),但我的托管解决方案是 php 版本 5.3.3。无论如何,这绝不应该是生产环境,仅用于培训目的,我很快就会更换供应商。
所以我设置了一些代码,我可以看到我注册的凭据,md5 格式的密码记录在数据库中。但是当登录相同的凭据时,我收到了我设置的错误消息,"invalid email or pass"
这是我的代码:
echo 'Current PHP version: ' . phpversion();
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}
elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass)
{
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass)
{
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:aeroplane.php");
}
}
因此,注册工作正常,然后 else 如果签名失败。我在这里错过了什么?
-谢谢
密码在数据库中保存为 md5,因此您也应该在标志上对其进行哈希处理,以便正确比较。
解决方案:
只需将此 $pass = $_POST['pass'];
更改为 $pass = md5($_POST['pass']);
您的代码基本上是将非散列密码与散列密码进行比较,这毫无意义。
echo 'Current PHP version: ' . phpversion();
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}
elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass)
{
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass)
{
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:aeroplane.php");
}
}
更新了 $pass = md5($_POST['pass']); 签名代码。
您还需要在登录时使用 md5
我看过你的代码,登录代码后发现错误。
将代码 $pass=$_POST['pass']; 更新为
$pass = md5($_POST['pass']);
是的,我知道 md5 不是一个好的选择,我应该使用 password_hash(),但我的托管解决方案是 php 版本 5.3.3。无论如何,这绝不应该是生产环境,仅用于培训目的,我很快就会更换供应商。
所以我设置了一些代码,我可以看到我注册的凭据,md5 格式的密码记录在数据库中。但是当登录相同的凭据时,我收到了我设置的错误消息,"invalid email or pass"
这是我的代码:
echo 'Current PHP version: ' . phpversion();
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}
elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass)
{
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass)
{
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:aeroplane.php");
}
}
因此,注册工作正常,然后 else 如果签名失败。我在这里错过了什么?
-谢谢
密码在数据库中保存为 md5,因此您也应该在标志上对其进行哈希处理,以便正确比较。
解决方案:
只需将此 $pass = $_POST['pass'];
更改为 $pass = md5($_POST['pass']);
您的代码基本上是将非散列密码与散列密码进行比较,这毫无意义。
echo 'Current PHP version: ' . phpversion();
include_once("config.php");
session_start();
if(isset($_POST['signup'])){
$name = $_POST['name'];
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$insert = $pdo->prepare("INSERT INTO users (name,email,pass)
values(:name,:email,:pass) ");
$insert->bindParam(':name',$name);
$insert->bindParam(':email',$email);
$insert->bindParam(':pass',$pass);
$insert->execute();
}
elseif(isset($_POST['signin'])){
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$select = $pdo->prepare("SELECT * FROM users WHERE email='$email' and pass='$pass'");
$select->setFetchMode();
$select->execute();
$data=$select->fetch();
if($data['email']!=$email and $data['pass']!=$pass)
{
echo "invalid email or pass";
}
elseif($data['email']==$email and $data['pass']==$pass)
{
$_SESSION['email']=$data['email'];
$_SESSION['name']=$data['name'];
header("location:aeroplane.php");
}
}
更新了 $pass = md5($_POST['pass']); 签名代码。
您还需要在登录时使用 md5
我看过你的代码,登录代码后发现错误。
将代码 $pass=$_POST['pass']; 更新为
$pass = md5($_POST['pass']);