PHP MySQL 用户注册表不阻止空密码字段
PHP MySQL User registration form doesn't block empty password fields
我正在尝试使用 PHP 和 MySQL 创建一个简单的用户注册表单。如果密码输入字段为空并且使用空白密码将数据插入数据库,则一切正常,但消息 "Please insert a password." 永远不会回显。我该如何解决这个问题?
<?php
if(isset($_SESSION['username'])){
header("Location: index.php");
}
if(isset($_POST['register'])){
include_once('connect.php');
$name = $surname = $email = $username = "";
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$email = strip_tags($_POST['email']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password_confirm = strip_tags($_POST['password_confirm']);
$name = stripslashes($name);
$surname = stripslashes($surname);
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$password_confirm = stripslashes($password_confirm);
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $surname);
$email = mysqli_real_escape_string($conn, $email);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$password_confirm = mysqli_real_escape_string($conn, $password_confirm);
$password = md5($password);
$password_confirm = md5($password_confirm);
$sql_store = "insert into user (username, name, surname, email, password) values ('$username', '$name', '$surname', '$email', '$password')";
$sql_fetch_username = "select username from user where username = '$username'";
$sql_fetch_email = "select email from user where email = '$email'";
$query_username = mysqli_query($conn, $sql_fetch_username);
$query_email = mysqli_query($conn, $sql_fetch_email);
if (!empty($name) && !empty($surname) && !empty($email) && !empty($username) && !empty($password) && !empty($password_confirm)){
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
else{
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
else{
if($password != $password_confirm){
echo "The passwords do not match.<br>";
}
else{
mysqli_query($conn, $sql_store);
header("Location: index.php");
}
}
}
}
else{
if($name == ""){
echo "Please insert a name.<br>";
}
if($surname == ""){
echo "Please insert a surname.<br>";
}
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if($email == ""){
echo "Please insert an email.<br>";
}
else{
echo "The email is not valid.<br>";
}
}
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
if($username == ""){
echo "Please insert an username.<br>";
}
if($password == "" || $password_confirm == ""){
echo "Please insert a password.<br>";
}
}
}
?>
<html>
<body>
<form action="register.php" method="POST">
<input placeholder="Name" name="name" type="text" value="<?php if(!empty($name)){echo $name;}?>">
<input placeholder="Surname" name="surname" type="text" value="<?php if(!empty($surname)){echo $surname;} ?>"><br><br>
<input placeholder="E-Mail Address" name="email" type="text" value="<?php if(!empty($email)){echo $email;} ?>">
<input placeholder="Username" name="username" type="text" value="<?php if(!empty($username)){echo $username;} ?>"><br><br>
<input placeholder="Password" name="password" type="password">
<input placeholder="Confirm Password" name="password_confirm" type="password">
<input name="register" type="submit" value="Register">
</form>
</body>
</html>
您不是在测试密码,而是在测试密码的 md5 哈希值。空字符串的md5散列不为空
还有--
您的错误消息回显在 <html>
元素之外,这并不理想。您应该设置一个验证消息(或者更好 - 为每个输入设置一系列验证消息,可能在一个数组中)然后在 <body>
元素中输出它。
如果这是一个远程安全系统,您应该阅读安全密码哈希。
我正在尝试使用 PHP 和 MySQL 创建一个简单的用户注册表单。如果密码输入字段为空并且使用空白密码将数据插入数据库,则一切正常,但消息 "Please insert a password." 永远不会回显。我该如何解决这个问题?
<?php
if(isset($_SESSION['username'])){
header("Location: index.php");
}
if(isset($_POST['register'])){
include_once('connect.php');
$name = $surname = $email = $username = "";
$name = strip_tags($_POST['name']);
$surname = strip_tags($_POST['surname']);
$email = strip_tags($_POST['email']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$password_confirm = strip_tags($_POST['password_confirm']);
$name = stripslashes($name);
$surname = stripslashes($surname);
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$password_confirm = stripslashes($password_confirm);
$name = mysqli_real_escape_string($conn, $name);
$surname = mysqli_real_escape_string($conn, $surname);
$email = mysqli_real_escape_string($conn, $email);
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);
$password_confirm = mysqli_real_escape_string($conn, $password_confirm);
$password = md5($password);
$password_confirm = md5($password_confirm);
$sql_store = "insert into user (username, name, surname, email, password) values ('$username', '$name', '$surname', '$email', '$password')";
$sql_fetch_username = "select username from user where username = '$username'";
$sql_fetch_email = "select email from user where email = '$email'";
$query_username = mysqli_query($conn, $sql_fetch_username);
$query_email = mysqli_query($conn, $sql_fetch_email);
if (!empty($name) && !empty($surname) && !empty($email) && !empty($username) && !empty($password) && !empty($password_confirm)){
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
else{
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
else{
if($password != $password_confirm){
echo "The passwords do not match.<br>";
}
else{
mysqli_query($conn, $sql_store);
header("Location: index.php");
}
}
}
}
else{
if($name == ""){
echo "Please insert a name.<br>";
}
if($surname == ""){
echo "Please insert a surname.<br>";
}
if(mysqli_num_rows($query_username)){
echo "That username is already in use.<br>";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
if($email == ""){
echo "Please insert an email.<br>";
}
else{
echo "The email is not valid.<br>";
}
}
if(mysqli_num_rows($query_email)){
echo "That email is already in use.<br>";
}
if($username == ""){
echo "Please insert an username.<br>";
}
if($password == "" || $password_confirm == ""){
echo "Please insert a password.<br>";
}
}
}
?>
<html>
<body>
<form action="register.php" method="POST">
<input placeholder="Name" name="name" type="text" value="<?php if(!empty($name)){echo $name;}?>">
<input placeholder="Surname" name="surname" type="text" value="<?php if(!empty($surname)){echo $surname;} ?>"><br><br>
<input placeholder="E-Mail Address" name="email" type="text" value="<?php if(!empty($email)){echo $email;} ?>">
<input placeholder="Username" name="username" type="text" value="<?php if(!empty($username)){echo $username;} ?>"><br><br>
<input placeholder="Password" name="password" type="password">
<input placeholder="Confirm Password" name="password_confirm" type="password">
<input name="register" type="submit" value="Register">
</form>
</body>
</html>
您不是在测试密码,而是在测试密码的 md5 哈希值。空字符串的md5散列不为空
还有--
您的错误消息回显在 <html>
元素之外,这并不理想。您应该设置一个验证消息(或者更好 - 为每个输入设置一系列验证消息,可能在一个数组中)然后在 <body>
元素中输出它。
如果这是一个远程安全系统,您应该阅读安全密码哈希。