0

I set up signup.php to encrypt the password with md5. The password is always wrong; it may be a syntax issue, but I couldn't figure it out...

signup.php

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "")
        $error = "Not all fields were entered<br /><br />";
    else
    {
        if (mysql_num_rows(queryMysql("SELECT * FROM members
              WHERE user='$user'")))
            $error = "That username already exists<br /><br />";
        else
          {
            queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");
            die("<h4>Account created</h4>Please Log in.<br /><br />");
        }
    }
}

login.php

if(isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
    $error = "Not all fields were entered<br />";
    } else {
        $query = "SELECT user,pass FROM members WHERE user = '$user' AND pass = \'\".md5('$pass').\"\'";

        if(mysql_num_rows(queryMysql($query)) == 0) {
            $error = "<span class='error'>Username/Password invalid</span><br /><br />";
        } else {
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='society.php?view=$user'>" . 
                "click here</a> to continue.<br /><br />");
            }
        }
    }

1 Answer

1

I think the buggy part comes from md5('$pass') in:

queryMysql("INSERT INTO members VALUES('$user', '".md5('$pass')."')");

There is a non-interpolated string there, so try the following:

queryMysql("INSERT INTO members VALUES('$user', '".md5($pass)."')");
answered 2013-03-17T19:11:57.060
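The quoting problem described in the answer, next to a hardened form of the same signup/login flow, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database standing in for the `members` table; the `signup()` and `login()` functions and the sample password are hypothetical.

```php
<?php
// Added illustration. signup()/login() and the SQLite table are assumptions,
// not the asker's code. $pass is a constructed sample value.
$pass = 'correct horse';

// 1. Single quotes do not interpolate, so md5('$pass') hashes the literal
//    five characters "$pass" for every user, whatever they typed.
var_dump(md5('$pass') === md5($pass));         // literal text vs. variable value
var_dump(md5('$pass') === md5('$' . 'pass'));  // literal text vs. the same literal

// 2. Same flow with a salted password hash and bound parameters instead of
//    md5() and string-built SQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');

function signup(PDO $db, string $user, string $pass): bool
{
    $check = $db->prepare('SELECT 1 FROM members WHERE user = ?');
    $check->execute([$user]);
    if ($check->fetchColumn() !== false) {
        return false;                                  // username already exists
    }
    $hash = password_hash($pass, PASSWORD_DEFAULT);    // salted, deliberately slow
    $ins  = $db->prepare('INSERT INTO members (user, pass) VALUES (?, ?)');
    return $ins->execute([$user, $hash]);
}

function login(PDO $db, string $user, string $pass): bool
{
    // Look the row up by username only; the salt lives inside the stored
    // hash, so the comparison has to happen in PHP, not in the WHERE clause.
    $stmt = $db->prepare('SELECT pass FROM members WHERE user = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

var_dump(signup($db, 'alice', $pass));    // new account
var_dump(signup($db, 'alice', 'other'));  // duplicate username
var_dump(login($db, 'alice', $pass));     // correct password
var_dump(login($db, 'alice', '$pass'));   // the literal text "$pass"
```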