我正在使用以下数据库编写基本的PHP注册脚本:
DROP TABLE IF EXISTS authentication;
CREATE TABLE authentication (
userID SERIAL UNIQUE REFERENCES users(userID),
eMail TEXT PRIMARY KEY REFERENCES users(eMail),
passwordSalt TEXT,
hashedSalt TEXT,
saltText TEXT,
securityAnswer1 TEXT,
securityAnswer2 TEXT,
securityAnswer3 TEXT
);
以及以下注册脚本:
<?php
include 'https.php';
//Create a connection to the database. If the connection fails, kill the
//process and issue an error message
$conn = pg_connect("host=localhost user=myusername password=mypassword dbname=mydatabase");
if (!$conn) {
die("Failed to connect to database.");
}
//If the register button is pressed..
if (isset($_POST['submit'])) {
//Check to make sure password+confirmation match. If not, error out.
if ($_POST['password'] != $_POST['confirm-password']) {
echo 'ERROR: passwords do not match<br />';
echo 'Return to <a href="registration.php">registration</a> page.<br />';
break;
}
//Then check to make sure the username doesn't already exist in the DB.
$result = pg_prepare($conn, "duplicateUser", 'SELECT username FROM mydatabase.users WHERE username = $1');
$result = pg_execute($conn, "duplicateUser", array($_POST['username']));
$row = pg_fetch_assoc($result);
//If it already exists, set match to true.
foreach ($row as $res) {
if ($res == $_POST['username'])
$match = true;
}
//If match is true, error out.
if ($match == true) {
echo 'ERROR: username already in use<br />';
echo 'Return to <a href="registration.php">registration</a> page.<br />';
$match = false;
break;
}
}
?>
<html>
<head>
<title>Registration page</title>
</head>
<body>
<form method='POST' action='registration.php'>
Username (e-mail): <input type='text' name='username' /><br />
Password: <input type='password' name='password' /><br />
Confirm password: <input type='password' name='confirm-password' /><br />
<input type='submit' name='submit' value='Register' /><br />
</form>
Return to <a href='index.php'>login</a> page.<br />
</body>
</html>
<?php
//If the registration button is pressed..
if (isset($_POST['submit'])) {
//Take the username and password, salt the password using an SHA1
//encryption of a random number, concatenate the password to the
//beginning of the salt, then save the SHA1 of that concatenation
//as the hashed and salted password.
$username = $_POST['username'];
$confirmusername = $_POST['confirm-username'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirm-password'];
if ($username != $confirmusername)
echo "Please make sure your username is consistent.";
if ($password != $confirmpassword)
echo "Please make sure your passwords match.";
$salt = sha1(rand());
$saltedPass = $password.$salt;
$hashedSalt = sha1($saltedPass);
//Store the username, hashed+salted password, and salt in the
//authentication table.
$result = pg_prepare($conn, "authentication", 'INSERT INTO mydatabase.authentication VALUES ($1, $2, $3)');
$result = pg_execute($conn, "authentication", array($username, $salt, $hashedSalt));
//Start the session, set the $_SESSION variables loggedin to true and
//username to the supplied username, then redirect to index.php
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
header("Location: index.php");
}
?>
但是当我使用PHPpgAdmin时,行还没有插入到数据库中。有什么想法吗?
感谢。
答案 0 :(得分:1)
首先想到的是你需要显式提交事务。 This answer似乎证实Postgres没有自动提交。
答案 1 :(得分:1)
代码应测试pg_prepare
和pg_execute
的结果,并在出错时显示或记录pg_last_error()
。否则你在任何问题上都处于黑暗中。
此外,由于它连接到名为mydatabase
的数据库并将表引用为mydatabase.tablename
,因此可以合理地怀疑您是否正在应用此MySQL将数据库名称添加到表名称之前。它不适用于Postgres。 MySQL的数据库相当于PostgreSQL中的模式。
因此,除非您已明确创建名为mydatabase
的postgres架构,否则请尝试不带任何前缀:
INSERT INTO authentication VALUES ($1, $2, $3)
这也适用于之前可能因同样原因失败的SELECT
,并且它也没有错误检查。