<?php
require("conn.php");$username = $_POST['username']
$password = md5($_POST['password']); //包含数据库连接文件 //检测用户名及密码是否正确
$check_query = mysql_query("select * from ecs_users where username='$username' and password='$password' limit 1");
if($result = mysql_fetch_array($check_query)){
//登录成功
session_start();
$_SESSION['username'] = $username;
$_SESSION['userid'] = "11";
echo $username,' 欢迎你!登录成功';
exit;
} else {
exit('登录失败!点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');
}
?>
我想自己增加一个验证登录的页面,然后ecshop的密码应该是cmd5的,然后如何调用cmd5的验证呢?有弄过的麻烦帮一下我这样写总是不行,应该是加密问题
require("conn.php");$username = $_POST['username']
$password = md5($_POST['password']); //包含数据库连接文件 //检测用户名及密码是否正确
$check_query = mysql_query("select * from ecs_users where username='$username' and password='$password' limit 1");
if($result = mysql_fetch_array($check_query)){
//登录成功
session_start();
$_SESSION['username'] = $username;
$_SESSION['userid'] = "11";
echo $username,' 欢迎你!登录成功';
exit;
} else {
exit('登录失败!点击此处 <a href="javascript:history.back(-1);">返回</a> 重试');
}
?>
我想自己增加一个验证登录的页面,然后ecshop的密码应该是cmd5的,然后如何调用cmd5的验证呢?有弄过的麻烦帮一下我这样写总是不行,应该是加密问题
加密的验证码传到前台在同一提交数据的时候在和用户输入的验证码同一传送到后台对传过来的验证码进行md5加密进行比对即可
$_POST['password'] = isset($_POST['password']) ? trim($_POST['password']) : ''; $sql="SELECT `ec_salt` FROM ". $ecs->table('admin_user') ."WHERE user_name = '" . $_POST['username']."'";
$ec_salt =$db->getOne($sql);
if(!empty($ec_salt)) //如果有衍值
{
/* 检查密码是否正确 */
$sql = "SELECT t1.user_id, t1.user_name, t1.password, t1.last_login, t2.action_list, t1.last_login,t1.suppliers_id,t1.ec_salt".
" FROM " . $ecs->table('admin_user') .
" t1 left join ".$ecs->table('touch_priv')." t2 on t1.user_id = t2.user_id WHERE t1.user_name = '" . $_POST['username']. "' AND t1.password = '" . md5(md5($_POST['password']).$ec_salt) . "'";
}
else
{
/* 检查密码是否正确 */
$sql = "SELECT t1.user_id, t1.user_name, t1.password, t1.last_login, t2.action_list, t1.last_login,t1.suppliers_id,t1.ec_salt".
" FROM " . $ecs->table('admin_user') .
" t1 left join ".$ecs->table('touch_priv')." t2 on t1.user_id = t2.user_id WHERE t1.user_name = '" . $_POST['username']. "' AND t1.password = '" . md5($_POST['password']) . "'";
}
$row = $db->getRow($sql);
ecshop的加密密码方式为:md5(md5($_POST['password']).$ec_salt) , $ec_salt为衍值。
2.
用用户传过来的密码进行加密,
$salt是密钥,你应该可以在代码找到的。
$password = md5(md5($_POST['password']).$salt); 然后判断$password是否与数据库获取的密码一致,判断是否登入成功。