我希望在我的代码中进行服务器端检查。提交表单后,我应该在表单检查服务器端,并且应该回显错误。但就像现在一样,无论我做什么,都会注册一个帐户。提交按钮会跳过所有服务器端检查,只是将该帐户添加到数据库中。
这是我的Javascript
$("#registerSubmit").click(function(e) {
document.getElementById("registerSubmit").disabled = true;
document.getElementById('strongText').innerHTML = "Creating account, please wait...<br>";
$("#strongText").fadeIn();
e.preventDefault();
$("input[name='username']").val($("#input-2").val());
$("input[name='firstname']").val($("#input-1").val());
$("input[name='password1']").val($("#input-3").val());
$("input[name='password2']").val($("#input-4").val());
$("input[name='email']").val($("#input-5").val());
var username = $("input[name='username']").val();
var firstname = $("input[name='firstname']").val();
var password1 = $("input[name='password1']").val();
var password2 = $("input[name='password2']").val();
var email = $("input[name='email']").val();
$.ajax({
type: 'POST',
data: {
username: username,
firstname: firstname,
password1: password1,
password2: password2,
email: email
},
url: 'checkuser.php',
success: function(data) { //Receives the data from the php code
//console.log(data);
if (data == "Unavailable") {
document.getElementById('strongText').innerHTML = "Username Unavailable<br>";
document.getElementById("registerSubmit").disabled = false;
} else if(data == 'Email_Exists') {
document.getElementById('strongText').innerHTML = "Email Already Registered<br>";
document.getElementById("registerSubmit").disabled = false;
} else {
$.post(
'registerCheck.php',
$('#registerform').serialize(),
function(data,status){
document.getElementById('strongText').innerHTML = data + "<br>";
window.location.href = "/login.php";
}
);
//window.location.href = "/login.php";
}
},
error: function(xhr, err) {
console.log("readyState: " + xhr.readyState + "\nstatus: " + xhr.status);
console.log("responseText: " + xhr.responseText);
}
});
});
这是我的PHP
<?php
require 'databaseinformation.php';
$firstname = $_POST["firstname"];
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
$email = $_POST["email"];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_POST["username"];
$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);
if(mysqli_connect_errno()) {
echo "Connection Failed.";
exit();
}
if (strlen($username) < 3 || strlen($username) > 15) {
echo "Username must be between 3 and 15 characters";
} elseif (strlen($password1) < 5 || strlen($password1) > 25) {
echo "Password must be between 5 and 25 characters";
} elseif ( $password1 !== $password2) {
echo "Password are mismatched";
} elseif (strpos($email,'@') !== true || strpos($email,'.') !== true) {
echo "Not a valid E-Mail";
} elseif ($stmt = $mysqli->prepare("SELECT `username` FROM `accounts` WHERE username = ?")) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows) {
//echo json_encode("0");
echo "Unavailable";
//if unavailable
// header('Location: /register.html');
}
else {
if ($stmt = $mysqli->prepare("SELECT `email` FROM `accounts` WHERE email = ?")) {
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows) {
//echo json_encode("2");
echo "Email_Exists";
//if unavailable
// header('Location: /register.html');
}
else {
//echo json_encode("1");
echo "1";
}
}
}
}
$mysqli->close();
?>
答案 0 :(得分:1)
问题在于您的电子邮件验证码,无论您做什么,您始终会从服务器获取Not a valid E-Mail消息。并且,由于在AJAX成功时未处理,因此始终执行 else block ,因此您的下一个 POST块。
所以,相反,这是电子邮件验证,
} elseif (strpos($email, '@') == false || strpos($email, '.') == false) {
或
} elseif (strpos($email, '@') == 0 || strpos($email, '.') == 0) {
!== Not identical
例如。 $ x!== $ y如果$ x不等于$ y,或者它们的类型不同,则返回true
并且,strpos($email, '@')返回你对布尔值进行了整数的类型Integer。
并且,您遗漏了不同的验证消息,例如
请处理AJAX的全部成功。
if(data == "Unavailable") {
}else if(data == 'Email_Exists') {
}else if (data == 'Username must be between 3 and 15 characters'){
}else if (data == 'Password must be between 5 and 25 characters'){
}else if (data == 'Password are mismatched'){
}else if(data=='Not a valid E-Mail'){
}