注册代码:
<?php
include("config.php");
include("conn.php");
if($_POST['submit']){ $pass=md5($_POST[password].all_ps); $sql = "insert into user (uid,m_id,username,password) " .
"values ('','','{$_POST['username']}','$pass')";
mysql_query($sql);
echo "<script language=\"javascript\">alert('注册成功');history.go(-1)</script>"; }?>
登录代码:
<?php
include ("config.php");
include("conn.php");
if($_POST[submit]){
$username= str_replace(" ","",$_POST[username]);
$sql="select * from user where 'username' = '$username'";
$query=mysql_query($sql);
$us=is_array($row=mysql_fetch_array($query));
$ps= $us ? md5($_POST[password].all_ps)== $row[password] : FALSE;
if($ps){ $_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].all_ps);
echo"登陆成功";
}else{
echo "用户名密码错误";
}}
?>password是经过md5加一个常量all_ps加密过的,登录页面总是显示登录失败
<?php
include("config.php");
include("conn.php");
if($_POST['submit']){ $pass=md5($_POST[password].all_ps); $sql = "insert into user (uid,m_id,username,password) " .
"values ('','','{$_POST['username']}','$pass')";
mysql_query($sql);
echo "<script language=\"javascript\">alert('注册成功');history.go(-1)</script>"; }?>
登录代码:
<?php
include ("config.php");
include("conn.php");
if($_POST[submit]){
$username= str_replace(" ","",$_POST[username]);
$sql="select * from user where 'username' = '$username'";
$query=mysql_query($sql);
$us=is_array($row=mysql_fetch_array($query));
$ps= $us ? md5($_POST[password].all_ps)== $row[password] : FALSE;
if($ps){ $_SESSION[uid]=$row[uid];
$_SESSION[user_shell]=md5($row[username].$row[password].all_ps);
echo"登陆成功";
}else{
echo "用户名密码错误";
}}
?>password是经过md5加一个常量all_ps加密过的,登录页面总是显示登录失败
echo md5($_POST[password].all_ps);
echo $row[password];
看一看是否一致。
2、看看注册与登录username是否一直,你注册与登录未进行统一处理str_replace(" ","",$_POST[username]);
$ps= $us ? md5($_POST[password].all_ps)== $row[password] : FALSE;
这样写很不容易调试
if(is_array($row=mysql_fetch_array($query)) )
{
if(!strcmp( md5($_POST['password'].all_ps), $row['password'])){ // 比对
echo "密码错误";
var_dump(md5($_POST['password'].all_ps);
echo "\n";
var_dump($row['password']);
}
else
echo "你眼花了";
}
else
这样省事,事实上不但影响效率,而且还容易出错。if (md5 ( $_POST ['password'] . all_ps ) == $row ['password']) {
$_SESSION ['uid'] = $row ['uid'];
$_SESSION ['user_shell'] = md5 ( $row ['username'] . $row ['password'] . all_ps );
echo "登陆成功";
} else {
echo "用户名密码错误";
exit ();
}
if(!strcmp( md5($_POST['password'].all_ps), $row['password'])){ /这里有问题吧?判断字符串函数strcmp判断是否相等应该是if (strcmp(str1,str2)!==0){
echo '字符串不相同!';
}