私はphpの初心者で、登録とログインを作成しようとしています。ユーザーを登録しようとすると機能しますが、ログインすると :Login failed と表示されます。何が起こっているのか理解できません。誰かが私が間違ったことを説明してください!
regproc.php
<?php
if(isset($_POST['reg']))
{
require "dbconn.php";
//$username = strip_tags($_POST['username']);
//$password=md5(strip_tags($_POST['password']));
// $repass=md5(strip_tags($_POST['repassword']));
$username = strip_tags($_POST['username']);
$password = $_POST['password'];
$email=$_POST['email'];
// A higher "cost" is more secure but consumes more processing power
$cost = 10;
// Create a random salt
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// Prefix information about the hash so PHP knows how to verify it later.
// '$2a$?' Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
$salt = sprintf('$2a$%02d$?', $cost) . $salt;
// Value:
// $2a$10$eImiTXuWVxfM37uY4JANjQ==
// Hash the password with the salt
$hash = crypt($password, $salt);
// Value:
// $2a$10$eImiTXuWVxfM37uY4JANjOL.oTxqp7WylW7FCzx2Lc7VLmdJIddZq
//if(!strcmp($password,$repass)==0)
//
//header('Location:./reg.php?pass=password not match');
//exit (0);
//
/*This insert command for username and password only, if you need any other column you can insert it here*/
mysql_query("INSERT INTO users(username,password,hash,email) VALUES ('$username','$password','$hash','$email')") or die("".mysql_error());
//Here you can write conformation or success message or use any redirect
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<label>Username:<input type="text" name="username" /></label>
<label>Password:<input type="password" name="password" /></label>
<label>Email:<input type="text" name="email" /></label>
<span style="size:10%;color:#FF0000"><?php if(isset($_GET["pass"])) { echo $_GET["pass"]; }
?></span>
<input type="submit" value="reg" name="reg" />
</form>
login.php
<?php
if(isset($_POST['username']) && isset($_POST['password']))
{
$username = $_POST['username']; // e.g. 'Admin'
$password = $_POST['password']; // e.g. 'gf45_gdf#4hg';
$dbh = new PDO('mysql:host=localhost;dbname=universiteti', 'root', '');
$sth = $dbh->prepare('SELECT hash FROM users WHERE username = :username LIMIT 1');
$sth->bindParam(':username', $username);
$sth->execute();
$user = $sth->fetch(PDO::FETCH_OBJ);
// Hashing the password with its hash as the salt returns the same hash
if ( crypt($password, $user->hash) == $user->hash ) {
exit('Logged in successfully');
}
else
{
exit('Login failed');
}
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type='text' name="username" maxlength="50" placeholder="Username" />
<input type='password' name='password' maxlength="50" />
<input type='submit' name='Submit' value='Log In' />
</form>