我有一个注册脚本:
function NewUser()
{
$fullname = $_POST['name'];
$userName = $_POST['user'];
$email = $_POST['email'];
$password = $_POST['pass'];
$confirm_password = $_POST['cpass'];
$salt = 'a salt(not in my real script)';
$password = crypt($password, $salt);
$query = "INSERT INTO WebsiteUsers (fullname,userName,email,pass) VALUES ('$fullname','$userName','$email','$password')";
$data = mysql_query ($query)or die(mysql_error());
if($data)
{
echo "YOUR REGISTRATION IS COMPLETED...";
}
}
它完美地存储了包括加密密码在内的所有内容。我还有一个检查登录代码:
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT pass FROM $tbl_name WHERE userName='$myusername' ";
$result = mysql_query($sql);
if (crypt($user_input, $password) == $password){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
这段代码中出现了问题,阻止了我的login_success.php。它会说这是错误的用户名或密码,我知道是我的密码加密出错了。有人能帮我调试这个代码吗?这样它就能以正确的方式看到加密的密码。因为我正在测试网站登录,但它不起作用,因为(我认为)它看不到正确的加密密码。(抱歉我英语不好)
创建带有身份验证系统的站点的更好方法是使用已经内置的开发框架。
Laravel就是一个很好的例子,它有一个非常强大的身份验证平台,您可以开箱即用。