duanbei1598 2015-09-11 08:52
浏览 65
已采纳

我的密码被哈希并保存在数据库中,但它与用户在文本框中提供的密码无法匹配

my password is hashed and saved in database but it is couldn't match it with the password which user is giving in textbox. 

   //form submission 
if(isset($_POST['submit_pwd']))
{ //input form username
 $us = isset($_POST['usr']) ? $_POST['usr'] : '';
   // input for user password
 $passw = isset($_POST['passwd']) ? $_POST['passwd'] : ''; 
  //retreiving vlaues from database  
$sql = "SELECT * FROM adminclient"; 
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {

 $username= $row['username'];
 $password = $row['password'];
   //username and password matches from database 
 if ($us == $username && password_verify($passw, $password) ) { 

    session_start();
    $_SESSION['username']=$_POST['usr'];
    header("location: success.php");    
 }

}echo " <script type='text/javascript'>
 alert('Wrong Username and Password combination');</script> ";
                                    }
}

?>
  • 写回答

1条回答 默认 最新

  • duancuan7057 2015-09-11 09:00
    关注

    You are not converting input password to hashed password. Because, in table Hashed Password is saved. So, you need to convert it. If md5 was used.. Then use $passw=md5($passw);to convert. Or, If sha1 was used then use $passw=SHA1($passw).

    //form submission 
if(isset($_POST['submit_pwd']))
    $us = isset($_POST['usr']) ? $_POST['usr'] : '';
    $passw = isset($_POST['passwd']) ? $_POST['passwd'] : ''; 

    $passw=md5($passw); // Change Input Password To md5 Password

    //Check Here It Self in SQL Query
    $sql = "SELECT * FROM adminclient WHERE username='$us' AND password='$passw'";
    $result = mysqli_query($conn, $sql);
    if (mysqli_num_rows($result) > 0) 
    {
        while($row = mysqli_fetch_assoc($result))
        {
                session_start();
                $_SESSION['username']=$_POST['usr'];
                header("location: success.php");    
        }

    }
    else
    {
     echo " <script type='text/javascript'>
     alert('Wrong Username and Password combination');</script> ";
    }
}
?>

    Check this SHA1 Password for more details.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 永磁型步进电机PID算法
  • ¥15 sqlite 附加(attach database)加密数据库时,返回26是什么原因呢?
  • ¥88 找成都本地经验丰富懂小程序开发的技术大咖
  • ¥15 如何处理复杂数据表格的除法运算
  • ¥15 如何用stc8h1k08的片子做485数据透传的功能?(关键词-串口)
  • ¥15 有兄弟姐妹会用word插图功能制作类似citespace的图片吗?
  • ¥200 uniapp长期运行卡死问题解决
  • ¥15 latex怎么处理论文引理引用参考文献
  • ¥15 请教:如何用postman调用本地虚拟机区块链接上的合约?
  • ¥15 为什么使用javacv转封装rtsp为rtmp时出现如下问题:[h264 @ 000000004faf7500]no frame?