SHA1密码加密返回未定义的索引

时间:2014-11-26 19:44:20

标签: php mysqli sha

我对php和mysqli很新,我希望有人可以帮助我。 以下代码成功插入了firstname,lastname,email和注册日期,但是我收到了一个带有密码的未识别索引警告,并且没有在mysql中插入任何内容。 我知道SHA1不是最好的加密技术,我知道这个代码很脆弱,我还有很多工作要做。我只是需要有人建议我哪里出错了以及我需要做些什么来纠正这个问题。提前谢谢了。      

$page_title = 'Register';
$q = 'query';


if (isset($_POST['submitted'])){

$errors = array();//initialise error array

//check for first name
if (empty($_POST['first_name'])) {
    $errors[] = 'you forgot to enter your first name';
} else {
    $fn=trim($_POST['first_name']);
}

//check for last name
if (empty($_POST['last_name'])) {
    $errors[] = 'you forgot to enter your last name';
} else {
    $fn=trim($_POST['last_name']);
}

//check for email
if (empty($_POST['email'])) {
    $errors[] = 'you forgot to enter your email';
} else {
    $fn=trim($_POST['email']);
}

//check passwords against each other
if (!empty($_POST['pass1'])){

    if(!empty($_POST['pass1'])) {
        if ($_POST['pass1'] != $_POST['pass2']) {
            $errors[] = 'Passwords dont match';
            } else {
                $p = trim($_POST['pass1']);
            }
        } else {
            $errors[] = 'You forgot to enter your password.';
        }

    if (empty($errors)) {

        require_once ('mysqli_connect.php');

        //make query
        $q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES 
        ('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','".$_POST["SHA1('pass')"]."', NOW())";

        $r = @mysqli_query ($dbc,$q); //run query

        if($r) {
            echo 'Registration complete';
        } else {
            echo 'System error, could not register you';

            //debug msg
            echo '<p>'.mysqli_error($dbc).
            '<br/><br/>Query: '.$q.
            '</p>';
        }

        mysqli_close($dbc);

    }else { //report errors
    echo 'The following errors occurred: <br/>';
    foreach ($errors as $msg) {
    echo "- $msg<br/>/n";
    }
    }
}
}
?>
<html>
<head></head>
<h1>Register</h1>
<body>
<form action="register.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="20"           value="<?php if(isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="20"  value="<?php if(isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></p>
<p>Email Address: <input type="text" name="email" size="15" maxlength="20"   value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>"/></p>
<p>Password: <input type="password" name="pass1" size="10" maxlength="20"/></p>
<p>Confirm Password: <input type="password" name="pass2" size="10" maxlength="20"/></p>
<p><input type="submit" name="submit" value="register"/></p>
<input type="hidden" name="submitted" value="TRUE"/>
</form>
</body>
</html>

1 个答案:

答案 0 :(得分:0)

在您的查询变量$q中,此值错误:$_POST["SHA1('pass')"]更改为您的密码变量,如下所示:

//make query
$q = "INSERT INTO users (first_name,last_name,email,pass,registration_date) VALUES 
('".$_POST["first_name"]."','".$_POST["last_name"]."','".$_POST["email"]."','". sha1($p) ."', NOW())";

考虑自己在存储密码时采用更好的方法,请查看函数password_hash()以获得更好的安全性。

相关问题
最新问题