在PHP中使用SHA1进行登录 [英] Using SHA1 in PHP for Login form
问题描述
我想创建一个简单的注册和登录表单。
我想使用SHA1在数据库中保存加密的密码。
但是当我尝试使用密码登录,似乎它不工作。
有三个文件 - index.php,register.php,login.php
I'm trying to make a simple register and login form. I want to use SHA1 to save the encrypted password in database. But when I try to login with the password, it seems it does not work. There are three files - index.php, register.php ,login.php
请帮我解决这个问题。
// index.php
//index.php
<form action="register.php" method="post" enctype="multipart/form-data">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Register</button>
</form>
<form action="login.php" method="post">
<label for="email">Email:</label>
<input type="text" name="email">
<br />
<label for="password">Password:</label>
<input type="password" name="password">
<button>Login</button>
</form>
// register.php
//register.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$regist_day=date('d-m-Y (H:i)');
if (!empty($email) && !empty($password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "INSERT INTO member(email,password,regist_day)";
$sql .= "VALUES ('$email',SHA1('$password'),'$regist_day')";
mysqli_query($dbc,$sql);
echo("
<script>
location.href='try.php'
</script>
") ;
}
else{
echo "You need to enter Email and Password";
}
?>
// login.php
//login.php
<?php
$user_email = $_POST['email'];
$user_password = SHA1($_POST['password']);
if (!empty($user_email) && !empty($user_password)) {
require_once('lib/db_connect.php');
$dbc = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)
or die('Error connecting database');
$sql = "SELECT * FROM member WHERE email = '$user_email'";
$result = mysqli_query($dbc,$sql);
$num_match = mysqli_num_rows($result);
if (!$num_match) {
echo "No result";
}
else{
$sql = "SELECT * FROM member WHERE password = '$user_password' ";
$result = mysqli_query($dbc,$sql);
$password_match = mysqli_num_rows($result);
if (!$password_match) {
echo "SHA1 does not work";
exit;
}
else{
echo"success";
}
}
}
else{
echo "You need to enter both Email and Password";
}
?>
推荐答案
SHA1将加密的密码保存在数据库中。
I want to use SHA1 to save the encrypted password in database.
请不要使用SHA1作为密码。使用 password_hash()
和 password_verify()
。
您可能还需要了解如何防止PHP中的SQL注入因为您发布的代码是可以利用的。
You might also want to learn how to prevent SQL injection in PHP because the code you posted is trivially exploitable.
这篇关于在PHP中使用SHA1进行登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!