在我的 phpMyAdmin 数据库中,我的密码部分显示为 01cfcd4f6b8770febfb40cb906715822 请帮助我。
我试着先 1)通过专门删除一些验证功能来简化代码,使其易于理解
type here
mysqli_real_escape_string
--
stripslashes
--
在这里输入
-
-<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Registration</title>
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<?php
require('db.php');
// When form submitted, insert values into the database.
if (isset($_REQUEST['username'])) {
// removes backslashes
$username = stripslashes($_REQUEST['username']);
//escapes special characters in a string
$username = mysqli_real_escape_string($con, $username);
$email = stripslashes($_REQUEST['email']);
$email = mysqli_real_escape_string($con, $email);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con, $password);
$create_datetime = date("Y-m-d H:i:s");
$query = "INSERT into `users` (username, password, email, create_datetime)
VALUES ('$username', '" . md5($password) . "', '$email', '$create_datetime')";
$result = mysqli_query($con, $query);
if ($result) {
echo "<div class='form'>
<h3>You are registered successfully.</h3><br/>
<p class='link'>Click here to <a href='login.php'>Login</a></p>
</div>";
} else {
echo "<div class='form'>
<h3>Required fields are missing.</h3><br/>
<p class='link'>Click here to <a href='registration.php'>registration</a> again.</p>
</div>";
}
} else {
?>
<form class="form" action="" method="post">
<h1 class="login-title">Registration</h1>
<input type="text" class="login-input" name="username" placeholder="Username" required />
<input type="text" class="login-input" name="email" placeholder="Email Adress">
<input type="password" class="login-input" name="password" placeholder="Password">
<input type="submit" name="submit" value="Register" class="login-button">
<p class="link"><a href="login.php">Click to Login</a></p>
</form>
<?php
}
?>
</body>
</html>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Login</title>
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<?php
require('db.php');
session_start();
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con, $password);
// Check user is exist in the database
$query = "SELECT * FROM `users` WHERE username='$username'
AND password='" . md5(password) . "'";
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['username'] = $username;
// Redirect to user dashboard page
header("Location: dashboard.php");
} else {
echo "<div class='form'>
<h3>Incorrect Username/password.</h3><br/>
<p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
</div>";
}
} else {
?>
<form class="form" method="post" name="login">
<h1 class="login-title">Login</h1>
<input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
<input type="password" class="login-input" name="password" placeholder="Password"/>
<input type="submit" value="Login" name="submit" class="login-button"/>
<p class="link"><a href="registration.php">New Registration</a></p>
</form>
<?php
}
?>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<?php
// Enter your host name, database username, password, and database name.
// If you have not set database password on localhost then set empty.
$con = mysqli_connect("localhost","root","","LoginSystem");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
<?php
session_start();
if(!isset($_SESSION["username"])) {
header("Location: login.php");
exit();
}
?>
</body>
</html>
然后我尝试删除 md5 哈希并用纯 $_REQUEST 替换变量,但这只会导致我无法登录