alert('账号、密码和令牌不能为空');history.go(-1);"; exit; } // 从数据库获取盐值和安全令牌 $sql = "SELECT salt, token FROM admin WHERE user='$name';"; $result = mysqli_query($con, $sql); $row = mysqli_fetch_assoc($result); $salt = $row['salt']; $dbToken = $row['token']; // 在查询中使用明文密码进行验证 $sql = "SELECT user, password FROM admin WHERE user='$name' AND password='$pwd';"; $result = mysqli_query($con, $sql); $row = mysqli_num_rows($result); $_SESSION["username"] = $name; if ($row) { // 验证通过 $hashedToken = md5($token . $salt); // 使用盐值对用户输入的令牌进行加密处理 if ($hashedToken === $dbToken) { echo ""; } else { echo ""; } } else { // 验证失败 echo ""; } ?>