如何验证在PHP / MySQL的用户？ [英] How do I authenticate a user in PHP / MySQL?

问题描述

所以最近我学会了如何一个用户名和密码正确添加到数据库中。
我的数据库是usersys，和表存储用户信息被称为USERDB。该表有两列 - 用户名（初级），密码

So recently I learned how to properly add a username and password to a database. My database is usersys, and the table storing user information is called userdb. The table has two columns - username (primary), password.

该登记表的伟大工程，进入用户输入正确的数据库，并检查该用户的用户名是否已经在数据库或没有。

The registration form works great, enters the users input into the database correctly and also checks to see whether the user's username is already in the database or not.

随着中说，我问，如果有人可以帮助我创建一个登录脚本。到目前为止，这是我有：

With that said, I am asking if anyone could help me create a login script. So far, this is what I have:

$username = $_POST['username'];
$password = $_POST['password'];
$displayname = $_POST['username'];
$displayname = strtolower($displayname);
$displayname = ucfirst($displayname);           
echo "Your username: " . $displayname . "<br />";

mysql_connect("localhost", "root", "******") or die(mysql_error());
echo "Connected to MySQL<br />";

mysql_select_db("usersys") or die(mysql_error());
echo "Connected to Database <br />";

$lcusername = strtolower($username);
$esclcusername = mysql_real_escape_string($lcusername);
$escpassword = mysql_real_escape_string($password);

$result = mysql_query("SELECT * FROM userdb WHERE username='$esclcusername' AND     password='$escpassword'") or die(mysql_error());
$row = mysql_fetch_array( $result );
$validateUser = $row['username'];
$validatePass = $row['password'];

POST数据从previous登录页面。我想这个脚本来检查表（USERDB），并找到用户名行用户从previous窗体中输入并确认所输入的密码与用户名的密码，该行中设置，在USERDB表。

The POST data is from the previous log in page. I want this script to check the table (userdb) and find the row for the username that the user entered from the previous form and verify that the password entered matches the username's password set in that row, in userdb table.

我也希望某种类型的方法来检查，如果输入的用户名是否存在，告诉输入的用户名不一样，如果它不能在表中找到存在的用户。

I also want some type of way to check whether or not if the username entered exists, to tell the user that the username entered does not exists if it can not be found in the table.

推荐答案

这是不是直接回答这个问题，但一个良好的增值服务。
您应该使用MYSQL SHA1功能存储到数据库之前加密密码。

This is not a direct answer to this question but a GOOD value-add. You should use MYSQL SHA1 function to encrypt the password before storing into the database.

$user = $_POST['userid'];
$pwd = $_POST['password'];
$insert_sql = "INSERT into USER(userid, password) VALUES($user, SHA1($pwd))";

$select_sql = "SELECT * FROM USER WHERE userid=$user AND password=SHA1($pwd))";

这篇关于如何验证在PHP / MySQL的用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！