使用哈希 sha1() 的用户密码验证不起作用
user password validation with hash sha1() don't work
<?php
require('login_include_connection.php');
if (isset($_POST['btn_confirm'])) {
$user_name=$_POST['user_name'];
$user_password=sha1($_POST['user_password']);
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">
body {
background-color: lightblue;
}
</style>
</head>
<body>
<h2>User registration</h2>
<form method="POST" action="sesija_registracija.php">
<input type="text" name="user_name">
<input type="password" name="user_password">
<input type="submit" name="btn_confirm" value="REGISTER USER NOW">
</form>
</body>
</html>
抱歉大家对上一个问题的错误解释。因此,如您所见,有基本的注册 PHP 脚本。它需要填写用户名和密码。即使没有密码值,我的表单也会将用户名放入数据库中。那么 if 语句有什么问题,empty() 不适用于 sha1() 或其他?我只想确保用户必须填写这两个字段。
$user_password=sha1($_POST['user_password']);
即使 POSTed 字符串为空,也会 return 一个非空字符串。
您需要在 if 条件后对密码进行哈希处理:
$user_password = $_POST['user_password'];
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$user_password = sha1($_POST['user_password']);
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
此外,请注意,如评论所述,您容易受到 SQL 注入攻击。
你的哈希也应该加盐。
<?php
require('login_include_connection.php');
if (isset($_POST['btn_confirm'])) {
$user_name=$_POST['user_name'];
$user_password=sha1($_POST['user_password']);
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">
body {
background-color: lightblue;
}
</style>
</head>
<body>
<h2>User registration</h2>
<form method="POST" action="sesija_registracija.php">
<input type="text" name="user_name">
<input type="password" name="user_password">
<input type="submit" name="btn_confirm" value="REGISTER USER NOW">
</form>
</body>
</html>
抱歉大家对上一个问题的错误解释。因此,如您所见,有基本的注册 PHP 脚本。它需要填写用户名和密码。即使没有密码值,我的表单也会将用户名放入数据库中。那么 if 语句有什么问题,empty() 不适用于 sha1() 或其他?我只想确保用户必须填写这两个字段。
$user_password=sha1($_POST['user_password']);
即使 POSTed 字符串为空,也会 return 一个非空字符串。
您需要在 if 条件后对密码进行哈希处理:
$user_password = $_POST['user_password'];
if (empty($user_name) || empty($user_password)) {
#This validation works only if user place user name, leaving blank password will still works which is not ok
echo "Please make corect inputs!!!"; #Both fields must have inputs
} else {
$user_password = sha1($_POST['user_password']);
$sql="INSERT into user_info (id, user_name, user_password) VALUES (null, '$user_name', '$user_password')";
$result=mysqli_query($conn, $sql); #Proceed with sql query and place record to MySQL database
}
此外,请注意,如评论所述,您容易受到 SQL 注入攻击。
你的哈希也应该加盐。