PHP MD5 创建用户表单

发布于 2024-10-14 01:04:51 字数 1054 浏览 5 评论 0原文

我在这里使用了一个教程: http://www.phpeasystep.com/phptu/26.html< /a> 为我的网站创建登录表单。我已将数据库中的uPassword字段设置为md5,并且数据库中的所有密码均使用md5加密。

登录工作正常,但是我对创建注册表单有点困惑。

该表单要求用户输入所需的密码。我有点困惑如何获取用户输入的密码,将其转换为 md5,然后将 md5 密码输入到用户表中的 uPassword 字段中。

下面是我为 processresgistration.php 文件编写的代码:

/* Database connection info*/
mysql_select_db("dbname", $con);

$encryptedpassword = md5($_POST['uPassword']);

md5($uPassword);

$sql="INSERT INTO users (uName, uPassword, uSurname, uFirstName)
VALUES
('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]'";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Account created.  You can now login";

mysql_close($con)
?>

上面的代码应该是:

  • 创建一个名为 cryptopassword 的变量
  • 使用 uPassword 作为 cryptopassword
  • 将加密密码转换为 MD5
  • 将 MD5 密码作为 uPassword 输入到 users 表中

我确信我没有在某处使用正确的变量,或者我的语法犯了一个简单的错误;非常感谢任何评论/帮助!

谢谢, 克里斯·M

I have used a tutorial here: http://www.phpeasystep.com/phptu/26.html to create a login form for my website. I have set the uPassword field in my database to be md5 and all of the passwords in the database are encrypted with md5.

The login works perfectly, however I am slightly confused about creating a registration form.

The form requests for a user to input their desired password. I am slightly confused as to how I will then take the password that the user inputs, converting it to md5 and then inputting the md5 password into the uPassword field in the user table.

Below is the code that I have for the processresgistration.php file:

/* Database connection info*/
mysql_select_db("dbname", $con);

$encryptedpassword = md5($_POST['uPassword']);

md5($uPassword);

$sql="INSERT INTO users (uName, uPassword, uSurname, uFirstName)
VALUES
('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]'";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Account created.  You can now login";

mysql_close($con)
?>

The code above is supposed to:

  • Create a variable named encryptedpassword
  • Use uPassword as encryptedpassword
  • Convert encrypted password to MD5
  • Input the MD5 password into the users table as uPassword

I'm sure that I've not used a correct variable somewhere, or I have done a simple error with my syntax; any comments/help is greatly appreciated!

Thanks,
Chris M

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

゛时过境迁 2024-10-21 01:04:51
/* Database connection info*

您没有正确关闭您的评论。在行尾添加 /

哦,MD5 是不安全的。请改用 SHA1。或者更好的是,使用加盐 SHA1。

您还需要开始使用 mysql_real_escape_string()Little 转义放入数据库中的所有用户输入Bobby Tables 将为您的数据库带来很多乐趣。

/* Database connection info*

You didn't properly close your comment there. Add a / at the end of the line.

Oh, and MD5 is insecure. Use SHA1 instead. Or even better, use salted SHA1.

You also need to start escaping all user input you are putting in your database using mysql_real_escape_string() or Little Bobby Tables will have lots of fun with your database.

岁月如刀 2024-10-21 01:04:51

/* 数据库连接信息*/

 mysql_select_db("dbname", $con);

$encryptedpassword = md5($_POST['uPassword']);

$sql="INSERT INTO users (uName, uPassword, uSurname, uFirstName)
VALUES
('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Account created.  You can now login";

mysql_close($con)
?>

括号结束是查询中的问题

('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]'";

这需要结束 ' ) '

/* Database connection info*/

 mysql_select_db("dbname", $con);

$encryptedpassword = md5($_POST['uPassword']);

$sql="INSERT INTO users (uName, uPassword, uSurname, uFirstName)
VALUES
('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Account created.  You can now login";

mysql_close($con)
?>

The closing of bracket is the issue in query

('$_POST[uName]','$encryptedpassword','$_POST[uSurname]','$_POST[uFirstName]'";

This needs a closing ' ) '

颜漓半夏 2024-10-21 01:04:51

您的代码需要一些验证&转义,更像这样:

<?php

/* Database connection info */
mysql_select_db("dbname", $con);

if ($_REQUEST['METHOD'] == 'POST') {
    $uName = filter_input(INPUT_POST, 'uName');
    $uPassword = filter_input(INPUT_POST, 'uPassword');
    $uSurname = filter_input(INPUT_POST, 'uSurname');
    $uFirstName = filter_input(INPUT_POST, 'uFirstName');

    // do some validation here ...

    // if everything OK, then crypte the password
    $hashedPassword = md5($uPassword);

    // and store it

    $sql = sprintf(
        'INSERT INTO users (uName, hashedPassword, uSurname, uFirstName)
         VALUES (%s, %s, %s, %s);',
            mysql_real_escape_string($uName, $con),
            mysql_real_escape_string($hashedPassword, $con),
            mysql_real_escape_string($uSurname, $con),
            mysql_real_escape_string($uFirstName, $con)
    );

    if (!mysql_query($sql,$con)) {
        die('Error: ' . mysql_error());
    }

    mysql_close($con);
    echo "Account created.  You can now login";
}

?>

现在登录

<?php

if ($_REQUEST['METHOD'] == 'POST') {
    $uName = filter_input(INPUT_POST, 'uName');
    $uPassword = filter_input(INPUT_POST, 'uPassword');
    $hashedPassword = md5($uPassword);

    $sql = sprintf(
        'SELECT * FROM users WHERE uName = "%s" AND hashedPassword = "%s" LIMIT 1',
            mysql_real_escape_string($uName, $con),
            mysql_real_escape_string($hashedPassword, $con),
        );

    // etc etc ...
}
?>

You code require some validation & escaping, more like this :

<?php

/* Database connection info */
mysql_select_db("dbname", $con);

if ($_REQUEST['METHOD'] == 'POST') {
    $uName = filter_input(INPUT_POST, 'uName');
    $uPassword = filter_input(INPUT_POST, 'uPassword');
    $uSurname = filter_input(INPUT_POST, 'uSurname');
    $uFirstName = filter_input(INPUT_POST, 'uFirstName');

    // do some validation here ...

    // if everything OK, then crypte the password
    $hashedPassword = md5($uPassword);

    // and store it

    $sql = sprintf(
        'INSERT INTO users (uName, hashedPassword, uSurname, uFirstName)
         VALUES (%s, %s, %s, %s);',
            mysql_real_escape_string($uName, $con),
            mysql_real_escape_string($hashedPassword, $con),
            mysql_real_escape_string($uSurname, $con),
            mysql_real_escape_string($uFirstName, $con)
    );

    if (!mysql_query($sql,$con)) {
        die('Error: ' . mysql_error());
    }

    mysql_close($con);
    echo "Account created.  You can now login";
}

?>

Now for login

<?php

if ($_REQUEST['METHOD'] == 'POST') {
    $uName = filter_input(INPUT_POST, 'uName');
    $uPassword = filter_input(INPUT_POST, 'uPassword');
    $hashedPassword = md5($uPassword);

    $sql = sprintf(
        'SELECT * FROM users WHERE uName = "%s" AND hashedPassword = "%s" LIMIT 1',
            mysql_real_escape_string($uName, $con),
            mysql_real_escape_string($hashedPassword, $con),
        );

    // etc etc ...
}
?>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文