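I have a problem with my registration validation and password hashing.
The problem is that I created the validation and it worked, then I created the password hashing part and it worked too... but now the validation doesn't work.
It seems to skip the validation, save the information in the database and hash the password. How can I do the validation, hash the password and save the information in the database?
I don't know how to explain it better, but if you don't understand or need more information, tell me.
The user enters information in the form, then it goes to the validation; if there are no errors in the validation, it goes to the try/catch, inserts the information into the database and "hashes" the password.
The two parts (the validation, and the insert into the database with the hashed password) work when completely separate, but when I put the two parts together the validation doesn't work; it gets skipped.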
html-form
<form action="index.php" method="post">
<table>
<tr><td>
<label for="fullname">Fullname<span class="req">*</span></label>
</td>
<td><input type="text" name="fullname" value="<?php echo htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8'); ?>"><span class="error"><?php echo $fullnameErr; ?></span>
</td></tr>
<tr><td>
<label for="email">Email<span class="req">*</span></label></td>
<td><input type="email" name="email" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>"><span class="error"><?php echo $emailErr; ?></span>
</td></tr>
<tr><td>
<label for="user">Username<span class="req">*</span></label>
</td>
<td><input type="text" name="user" value="<?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?>"><span class="error"><?php echo $userErr; ?></span>
</td></tr>
<tr><td>
<label for="pass">Password</label><span class="req">*</span></td>
<td><input id="pass" name="pass" type="password" value=""><span class="error"><?php echo $passErr; ?></span>
</td></tr>
<tr><td>
<label for="rePass">Re-Password</label><span class="req">*</span></td>
<td><input id="rePass" name="rePass" type="password" value=""><span class="error"><?php echo $rePassErr; ?></span>
</td></tr>
<tr><td><input type="submit" name="submit" value="Sign Up">
</td></tr>
</table>
</form>
This is the PHP validation and the save to the database with the hashed password.
<?php
// Form values and per-field error messages start out empty.
$fullname = $user = $email = $pass = $rePass = "";
$fullnameErr = $userErr = $emailErr = $passErr = $rePassErr = "";
?>
<?php
if (isset($_POST["submit"])) {
    $fullname = trim($_POST["fullname"]);
    $email = trim($_POST["email"]);
    $user = trim($_POST["user"]);
    $pass = trim($_POST["pass"]);
    $rePass = trim($_POST["rePass"]);

    // Format checks
    if (!preg_match("/^[A-Za-z ]*$/", $fullname)) {
        $fullnameErr = "Only letters are allowed";
    }
    if (!preg_match("/^[A-Za-z0-9]*$/", $user)) {
        $userErr = "Only letters and numbers are allowed";
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $emailErr = "Invalid email format";
    }
    if (strlen($pass) < 8) {
        $passErr = "Password at least 8 characters";
    }

    // Required-field checks (these overwrite the format messages above)
    if (empty($_POST["fullname"])) {
        $fullnameErr = "Fullname is required";
    }
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    }
    if (empty($_POST["user"])) {
        $userErr = "Username is required";
    }
    if (empty($_POST["pass"])) {
        $passErr = "Password is required";
    }
    if (empty($_POST["rePass"])) {
        $rePassErr = "re-enter password is required";
    }
    // Strict comparison: with != two different numeric-looking strings can compare equal
    if ($_POST["rePass"] !== $_POST["pass"]) {
        $rePassErr = "The re-entered password don't match";
    }

    // Hash the password and insert the row (no check of the error variables precedes this block)
    try {
        require_once("db_connect.php");
        $options = [
            'cost' => 12,
        ];
        $hashedPass = password_hash($pass, PASSWORD_BCRYPT, $options);
        $query = "INSERT INTO users (fullname, email, user, pass) ";
        $query .= "VALUES (:fullname, :email, :user, :pass)";
        $ps = $db->prepare($query);
        $result = $ps->execute(
            array(
                'fullname' => $fullname,
                'email' => $email,
                'user' => $user,
                'pass' => $hashedPass
            ));
        if ($result) {
            header("Location: index.php?signup=true");
            exit; // stop the script once the redirect header is sent
        } else {
            echo "Signup failed";
        }
    } catch (Exception $exception) {
        echo "Query failed, see below: <br><br>";
        echo $exception."<br /><br />";
    }
}
?>
Thanks for your help!
Answer 0 (score: 0)
If one of your validations fails, you need some way to stop the script from executing.
For example:
if (empty($_POST["user"])) {
$userErr = "Username is required";
return $userErr;
}
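Otherwise it will keep running, and the hashing and database insert will happen whether or not the validation failed.
Answer 1 (score: 0)
I found the answer, hehe... but I'll post it so it's here in case someone has the same problem.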
if(empty($fullnameErr) && empty($emailErr) && empty($userErr) && empty($passErr) && empty($rePassErr)) { THE CODE OF TRY/CATCH }
<?php
if (isset($_POST["submit"])) {
    $fullname = trim($_POST["fullname"]);
    $email = trim($_POST["email"]);
    $user = trim($_POST["user"]);
    $pass = trim($_POST["pass"]);
    $rePass = trim($_POST["rePass"]);

    // Format checks
    if (!preg_match("/^[A-Za-z ]*$/", $fullname)) {
        $fullnameErr = "Only letters are allowed";
    }
    if (!preg_match("/^[A-Za-z0-9]*$/", $user)) {
        $userErr = "Only letters and numbers are allowed";
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $emailErr = "Invalid email format";
    }
    if (strlen($pass) < 8) {
        $passErr = "Password at least 8 characters";
    }

    // Required-field checks (these overwrite the format messages above)
    if (empty($_POST["fullname"])) {
        $fullnameErr = "Fullname is required";
    }
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    }
    if (empty($_POST["user"])) {
        $userErr = "Username is required";
    }
    if (empty($_POST["pass"])) {
        $passErr = "Password is required";
    }
    if (empty($_POST["rePass"])) {
        $rePassErr = "re-enter password is required";
    }
    // Strict comparison: with != two different numeric-looking strings can compare equal
    if ($_POST["rePass"] !== $_POST["pass"]) {
        $rePassErr = "The re-entered password don't match";
    }

    // Only hash and insert when every error message is still empty
    if (empty($fullnameErr) && empty($emailErr) && empty($userErr) && empty($passErr) && empty($rePassErr)) {
        try {
            require_once("db_connect.php");
            $options = [
                'cost' => 12,
            ];
            $hashedPass = password_hash($pass, PASSWORD_BCRYPT, $options);
            $query = "INSERT INTO users (fullname, email, user, pass) ";
            $query .= "VALUES (:fullname, :email, :user, :pass)";
            $ps = $db->prepare($query);
            $result = $ps->execute(
                array(
                    'fullname' => $fullname,
                    'email' => $email,
                    'user' => $user,
                    'pass' => $hashedPass
                ));
            if ($result) {
                header("Location: index.php?signup=true");
                exit; // stop the script once the redirect header is sent
            } else {
                echo "Signup failed";
            }
        } catch (Exception $exception) {
            echo "Query failed, see below: <br><br>";
            echo $exception."<br /><br />";
        }
    }
}
?>
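
The gating both answers describe, written with one error array so that a newly added field cannot be left out of the final check. This is an added example, not code from the question or the answers; `validateSignup`, `registerUser`, the in-memory SQLite database (needs the pdo_sqlite extension) and its schema are assumptions standing in for the page's `db_connect.php` and `users` table.

```php
<?php
// Returns [field => message]; an empty array means every check passed.
function validateSignup(array $in): array {
    // Read a field as a string; missing or array-valued input becomes ''.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';
    $errors = [];
    $fullname = trim($get('fullname'));
    $email = trim($get('email'));
    $user = trim($get('user'));
    $pass = $get('pass');
    if ($fullname === '') { $errors['fullname'] = 'Fullname is required'; }
    elseif (!preg_match('/^[A-Za-z ]+$/', $fullname)) { $errors['fullname'] = 'Only letters are allowed'; }
    if ($email === '') { $errors['email'] = 'Email is required'; }
    elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors['email'] = 'Invalid email format'; }
    if ($user === '') { $errors['user'] = 'Username is required'; }
    elseif (!preg_match('/^[A-Za-z0-9]+$/', $user)) { $errors['user'] = 'Only letters and numbers are allowed'; }
    if ($pass === '') { $errors['pass'] = 'Password is required'; }
    elseif (strlen($pass) < 8) { $errors['pass'] = 'Password at least 8 characters'; }
    if ($pass !== $get('rePass')) { $errors['rePass'] = "The re-entered password don't match"; }
    return $errors;
}

// Hashing and the INSERT are reachable only when validateSignup() found nothing.
function registerUser(PDO $db, array $in): array {
    $errors = validateSignup($in);
    if ($errors !== []) { return $errors; } // stop here: nothing is hashed or written
    $ps = $db->prepare('INSERT INTO users (fullname, email, user, pass) '
        . 'VALUES (:fullname, :email, :user, :pass)');
    try {
        $ps->execute([
            'fullname' => trim($in['fullname']), 'email' => trim($in['email']),
            'user' => trim($in['user']),
            'pass' => password_hash($in['pass'], PASSWORD_BCRYPT, ['cost' => 12]),
        ]);
    } catch (PDOException $ex) {
        error_log($ex->getMessage()); // details go to the server log, not the page
        return ['form' => 'Signup failed'];
    }
    return [];
}

// Constructed demo data and schema (assumptions, not the page's database).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (fullname TEXT, email TEXT, user TEXT UNIQUE, pass TEXT)');
$good = ['fullname' => 'Ada Lovelace', 'email' => 'ada@example.com', 'user' => 'ada1',
         'pass' => 'correct horse', 'rePass' => 'correct horse'];
$bad = ['pass' => 'short', 'rePass' => 'other'] + $good;
// Inputs in order: invalid password pair, valid signup, same username again.
foreach ([$bad, $good, $good] as $input) { var_dump(registerUser($db, $input)); }
```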