如何检查密码是否包含php中的用户名

时间:2012-06-05 22:05:04

标签: php mysql authentication passwords username

这是我的代码。我想再添加一个步骤,如果输入的密码包含输入的用户名,则返回错误,传递不能包含用户名。我在谈论'包含',而不是密码。在这种情况下,我可以简单地做elseif($ password ==“$ user_username”)$ error。= $ lang ['46'];}

如果你能告诉我剧本中的漏洞,我将非常感谢你

$user_username = cleanit($_REQUEST['username']);
    STemplate::assign('user_username',$user_username);
    $password = cleanit($_REQUEST['password']);
    STemplate::assign('password',$password);
    if($user_username == "")
    {
        $error .= $lang['41'];  //Error: Please enter your username
    }
    elseif(strlen($user_username) < 4) //Your username should have 4 chars 
    {
        $error .= $lang['42'];  
    }
    elseif(!preg_match("/^[a-zA-Z0-9]*$/i",$user_username)) //name only contains letters and numbers
    {
        $error .= $lang['43'];
    }
    elseif(!verify_email_username($user_username)) //username already taken
    {
        $error .= $lang['44'];
    }
    elseif($password == "") //no password entered
    {
        $error .= $lang['45'];  
    }


    if($error == "")
    {
        $SID = intval($_SESSION['USERID']);
        $pw = md5($password);
        $query="UPDATE members SET username='".mysql_real_escape_string($user_username)."', password='".mysql_real_escape_string($pw)."', pwd='".mysql_real_escape_string($password)."' WHERE USERID='".mysql_real_escape_string($SID)."'";
        $result=$conn->execute($query);
        $_SESSION['USERNAME']=$user_username;
        header("Location:$config[baseurl]/welcome");exit;
    }      

3 个答案:

答案 0 :(得分:4)

只需将其附加到您的情况:

elseif(stristr($password, $username) !== false) // password contains username
{
    $error .= $lang['46'];  
}

答案 1 :(得分:3)

最简单的事情是stripos

$username = "Corbin";
$password = "mynameiscorbin";
if (stripos($password, $username) !== false) {
    //password contains username
}

答案 2 :(得分:0)

我认为您正在寻找stripos()