php MySQL 检查数据库中的用户名和密码是否匹配
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5285388/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
MySQL Check if username and password matches in Database
提问by Will Evans
I have a form which has a textbox with the name attribute usernameand another one with the name attribute password. I also have a database with columns called userand pass. When my users signed up it added the username to the usercolumn and password to the passcolumn.
我有一个表单,其中有一个带有 name 属性username和另一个带有 name 属性password的文本框。我还有一个数据库,其中包含名为user和pass 的列。当我的用户注册时,它将用户名添加到用户列,将密码添加到通行列。
How would I make a MySQL query to check if the form submitted the right username and password and then if it did have a branch to let me input the code for if it succeeded?
我将如何进行 MySQL 查询以检查表单是否提交了正确的用户名和密码,然后它是否确实有一个分支让我输入代码是否成功?
I really need some code, this bit isn't going well I know it should be something like SELECT * FROM table WHERE username == $username AND...but then I'm stuck because I have an MD5 password in the database and that first bit is probably wrong. Please help. :)
我真的需要一些代码,这一点不太好,我知道它应该是这样的,SELECT * FROM table WHERE username == $username AND...但后来我被卡住了,因为我在数据库中有一个 MD5 密码,而且第一位可能是错误的。请帮忙。:)
Thanks
谢谢
回答by dave
//set vars
$user = $_POST['user'];
$pass = md5($_POST['pass']);
if ($user&&$pass)
{
//connect to db
$connect = mysql_connect("$server","$username","$password") or die("not connecting");
mysql_select_db("users") or die("no db :'(");
$query = mysql_query("SELECT * FROM $tablename WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
//while loop
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
else
die("incorrect username/password!");
}
else
echo "user does not exist!";
}
else
die("please enter a username and password!");
回答by ArrayOutOfBound
Instead of selecting all the columns in count count(*)you can limit count for one column count(UserName).
您可以限制一列count(UserName) 的计数,而不是选择 count count(*) 中的所有列。
You can limit the whole search to one row by using Limit 0,1
您可以使用 Limit 0,1 将整个搜索限制为一行
SELECT COUNT(UserName)
FROM TableName
WHERE UserName = 'User' AND
Password = 'Pass'
LIMIT 0, 1
回答by Falcon
1.) Storage of database passwords Use some kind of hash with a salt and then alter the hash, obfuscate it, for example add a distinct value for each byte. That way your passwords a super secured against dictionary attacks and rainbow tables.
1.) 数据库密码的存储使用某种带有盐的散列,然后改变散列,混淆它,例如为每个字节添加一个不同的值。这样你的密码就可以防止字典攻击和彩虹表。
2.) To check if the password matches, create your hash for the password the user put in. Then perform a query against the database for the username and just check if the two password hashes are identical. If they are, give the user an authentication token.
2.) 要检查密码是否匹配,请为用户输入的密码创建哈希。然后对数据库执行查询以获取用户名,并检查两个密码哈希是否相同。如果是,请为用户提供身份验证令牌。
The query should then look like this:
查询应如下所示:
select hashedPassword from users where username=?
Then compare the password to the input.
然后将密码与输入进行比较。
Further questions?
进一步的问题?
