dtpyvb1873 2018-07-16 08:12 采纳率: 0%
浏览 153
已采纳

解密和验证登录详细信息时,md5不起作用

I have encrypted and store password. Once user login I want to decrypt and validate .But following code is not able to do that. Can any body help with this?

<?php
   include("config.php");


   if($_SERVER["REQUEST_METHOD"] == "POST") {


      $myusername = mysqli_real_escape_string($con,$_POST['username']);
      $mypassword =md5(mysqli_real_escape_string($con,$_POST['password']));


      $sql = "SELECT id FROM services WHERE user_name = '$myusername' and password = '$mypassword'";
      $result = mysqli_query($con,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);


      $count = mysqli_num_rows($result);



      if($count == 1) {

         echo "success";

      }else {
         echo "fail";
      }
   }
?>
  • 写回答

3条回答 默认 最新

  • dongzhuoxie1244 2018-07-16 08:25
    关注
    1. It isn't necessary to escape value, that will be md5-hashed. You even could change the password (and md5 hash) if it contains some special char. For example, lets see at password's test' hashes:

      echo md5(mysqli_real_escape_string($con,$_POST['password']));
      echo md5($_POST['password']);
      

    Output is:

    e1e7975d4f1958297ede35ea4fc13a27
    5c28a8c6d799d302f3ef53afefdfc81b
    
    1. You shouldn't do:

      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
      

    because you don't use it later and you don't check if num_rows > 0 and it'll give an error if there are 0 records.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?