MySQL 检查数据库中的用户名和密码是否匹配

发布于 2024-10-21 18:59:58 字数 400 浏览 11 评论 0原文

我有一个表单,其中有一个带有名称属性 username 的文本框,另一个带有名称属性 password 的文本框。 我还有一个数据库,其中包含名为 userpass 的列。当我的用户注册时,它将用户名添加到 user 列,将密码添加到 pass 列。

我如何进行 MySQL 查询来检查表单是否提交了正确的用户名和密码,然后它是否有一个分支让我输入成功时的代码?

我真的需要一些代码,这一点进展不顺利,我知道它应该类似于 SELECT * FROM table WHERE username == $username AND... 但后来我陷入困境,因为我有数据库中的 MD5 密码,第一位可能是错误的。请帮忙。 :)

谢谢

I have a form which has a textbox with the name attribute username and another one with the name attribute password.
I also have a database with columns called user and pass. When my users signed up it added the username to the user column and password to the pass column.

How would I make a MySQL query to check if the form submitted the right username and password and then if it did have a branch to let me input the code for if it succeeded?

I really need some code, this bit isn't going well I know it should be something like SELECT * FROM table WHERE username == $username AND... but then I'm stuck because I have an MD5 password in the database and that first bit is probably wrong. Please help. :)

Thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

寒冷纷飞旳雪 2024-10-28 18:59:58
//set vars
$user = $_POST['user'];
$pass = md5($_POST['pass']);

if ($user&&$pass) 
{
//connect to db
$connect = mysql_connect("$server","$username","$password") or die("not connecting");
mysql_select_db("users") or die("no db :'(");
$query = mysql_query("SELECT * FROM $tablename WHERE username='$user'");

$numrows = mysql_num_rows($query);


if ($numrows!=0)
{
//while loop
  while ($row = mysql_fetch_assoc($query))
  {
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
  }
  else
      die("incorrect username/password!");
}
else
  echo "user does not exist!";
} 
else
    die("please enter a username and password!");
//set vars
$user = $_POST['user'];
$pass = md5($_POST['pass']);

if ($user&&$pass) 
{
//connect to db
$connect = mysql_connect("$server","$username","$password") or die("not connecting");
mysql_select_db("users") or die("no db :'(");
$query = mysql_query("SELECT * FROM $tablename WHERE username='$user'");

$numrows = mysql_num_rows($query);


if ($numrows!=0)
{
//while loop
  while ($row = mysql_fetch_assoc($query))
  {
    $dbusername = $row['username'];
    $dbpassword = $row['password'];
  }
  else
      die("incorrect username/password!");
}
else
  echo "user does not exist!";
} 
else
    die("please enter a username and password!");
百思不得你姐 2024-10-28 18:59:58

您可以限制一列的计数 count(*),而不是选择计数 count(*) 中的所有列。

您可以使用 Limit 0,1 将整个搜索限制为一行

SELECT COUNT(UserName)
  FROM TableName
 WHERE UserName = 'User' AND
       Password = 'Pass'
 LIMIT 0, 1

Instead of selecting all the columns in count count(*) you can limit count for one column count(UserName).

You can limit the whole search to one row by using Limit 0,1

SELECT COUNT(UserName)
  FROM TableName
 WHERE UserName = 'User' AND
       Password = 'Pass'
 LIMIT 0, 1
棒棒糖 2024-10-28 18:59:58

1.) 数据库密码的存储
使用某种带有盐的哈希值,然后更改哈希值,对其进行混淆,例如为每个字节添加一个不同的值。这样您的密码就可以超级安全地抵御字典攻击和彩虹表。

2.) 要检查密码是否匹配,请为用户输入的密码创建哈希值。然后对数据库执行用户名查询,检查两个密码哈希值是否相同。如果是,请为用户提供身份验证令牌。

查询应如下所示:

select hashedPassword from users where username=?

然后将密码与输入进行比较。

还有问题吗?

1.) Storage of database passwords
Use some kind of hash with a salt and then alter the hash, obfuscate it, for example add a distinct value for each byte. That way your passwords a super secured against dictionary attacks and rainbow tables.

2.) To check if the password matches, create your hash for the password the user put in. Then perform a query against the database for the username and just check if the two password hashes are identical. If they are, give the user an authentication token.

The query should then look like this:

select hashedPassword from users where username=?

Then compare the password to the input.

Further questions?

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文