这是我的代码。我想再添加一个步骤,如果输入的密码包含输入的用户名,则返回错误,传递不能包含用户名。我在谈论'包含',而不是密码。在这种情况下,我可以简单地做elseif($ password ==“$ user_username”)$ error。= $ lang ['46'];}
如果你能告诉我剧本中的漏洞,我将非常感谢你
$user_username = cleanit($_REQUEST['username']);
STemplate::assign('user_username',$user_username);
$password = cleanit($_REQUEST['password']);
STemplate::assign('password',$password);
if($user_username == "")
{
$error .= $lang['41']; //Error: Please enter your username
}
elseif(strlen($user_username) < 4) //Your username should have 4 chars
{
$error .= $lang['42'];
}
elseif(!preg_match("/^[a-zA-Z0-9]*$/i",$user_username)) //name only contains letters and numbers
{
$error .= $lang['43'];
}
elseif(!verify_email_username($user_username)) //username already taken
{
$error .= $lang['44'];
}
elseif($password == "") //no password entered
{
$error .= $lang['45'];
}
if($error == "")
{
$SID = intval($_SESSION['USERID']);
$pw = md5($password);
$query="UPDATE members SET username='".mysql_real_escape_string($user_username)."', password='".mysql_real_escape_string($pw)."', pwd='".mysql_real_escape_string($password)."' WHERE USERID='".mysql_real_escape_string($SID)."'";
$result=$conn->execute($query);
$_SESSION['USERNAME']=$user_username;
header("Location:$config[baseurl]/welcome");exit;
}
答案 0 :(得分:4)
只需将其附加到您的情况:
elseif(stristr($password, $username) !== false) // password contains username
{
$error .= $lang['46'];
}
答案 1 :(得分:3)
最简单的事情是stripos:
$username = "Corbin";
$password = "mynameiscorbin";
if (stripos($password, $username) !== false) {
//password contains username
}
答案 2 :(得分:0)
我认为您正在寻找stripos()
。