表格未经检查

时间:2015-01-26 08:17:22

标签: javascript php jquery ajax

我希望在我的代码中进行服务器端检查。提交表单后,我应该在表单检查服务器端,并且应该回显错误。但就像现在一样,无论我做什么,都会注册一个帐户。提交按钮会跳过所有服务器端检查,只是将该帐户添加到数据库中。

这是我的Javascript

 $("#registerSubmit").click(function(e) {
            document.getElementById("registerSubmit").disabled = true; 
            document.getElementById('strongText').innerHTML = "Creating account, please wait...<br>";
            $("#strongText").fadeIn();
            e.preventDefault();
            $("input[name='username']").val($("#input-2").val());
            $("input[name='firstname']").val($("#input-1").val());
            $("input[name='password1']").val($("#input-3").val());
            $("input[name='password2']").val($("#input-4").val());
            $("input[name='email']").val($("#input-5").val());
            var username = $("input[name='username']").val();
            var firstname = $("input[name='firstname']").val();
            var password1 = $("input[name='password1']").val();
            var password2 = $("input[name='password2']").val();
            var email = $("input[name='email']").val();
            $.ajax({
                type: 'POST',
                data: {
                    username: username,
                    firstname: firstname,
                    password1: password1,
                    password2: password2,
                    email: email
                },
                url: 'checkuser.php',
                success: function(data) { //Receives the data from the php code 
                    //console.log(data);
                    if (data == "Unavailable") {
                        document.getElementById('strongText').innerHTML = "Username Unavailable<br>";
                        document.getElementById("registerSubmit").disabled = false; 
                    } else if(data == 'Email_Exists') {
                        document.getElementById('strongText').innerHTML = "Email Already Registered<br>";
                        document.getElementById("registerSubmit").disabled = false; 
                    } else {
                        $.post(
                            'registerCheck.php', 
                            $('#registerform').serialize(),
                            function(data,status){
                                document.getElementById('strongText').innerHTML = data + "<br>";
                                window.location.href = "/login.php";
                            }
                        );
                        //window.location.href = "/login.php";
                    }

                },
                error: function(xhr, err) {
                    console.log("readyState: " + xhr.readyState + "\nstatus: " + xhr.status);
                    console.log("responseText: " + xhr.responseText);
                }
            });

        });

这是我的PHP

<?php
require 'databaseinformation.php';

$firstname = $_POST["firstname"];
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
$email = $_POST["email"];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_POST["username"];

$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);


if(mysqli_connect_errno()) {
    echo "Connection Failed.";
    exit();
}

if (strlen($username) < 3 || strlen($username) > 15) {
    echo "Username must be between 3 and 15 characters";
} elseif (strlen($password1) < 5 || strlen($password1) > 25) {
    echo "Password must be between 5 and 25 characters";
} elseif ( $password1 !== $password2) {
    echo "Password are mismatched";
} elseif (strpos($email,'@') !== true || strpos($email,'.') !== true) {
    echo "Not a valid E-Mail";
} elseif ($stmt = $mysqli->prepare("SELECT `username` FROM `accounts` WHERE username = ?")) {
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->store_result(); 
    if ($stmt->num_rows) {
        //echo json_encode("0");
        echo "Unavailable";

        //if unavailable
        // header('Location: /register.html'); 
    }
    else {
        if ($stmt = $mysqli->prepare("SELECT `email` FROM `accounts` WHERE email = ?")) {
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows) {
        //echo json_encode("2");
        echo "Email_Exists";
        //if unavailable
        // header('Location: /register.html'); 
    }
    else {
        //echo json_encode("1");
        echo "1";
    }

}
    }

}
$mysqli->close(); 

?>

1 个答案:

答案 0 :(得分:1)

问题在于您的电子邮件验证码,无论您做什么,您始终会从服务器获取Not a valid E-Mail消息。并且,由于在AJAX成功时未处理,因此始终执行 else block ,因此您的下一个 POST块

所以,相反,这是电子邮件验证,

} elseif (strpos($email, '@') == false || strpos($email, '.') == false) {

} elseif (strpos($email, '@') == 0 || strpos($email, '.') == 0) {

为什么不起作用?

!==     Not identical

例如。 $ x!== $ y如果$ x不等于$ y,或者它们的类型不同,则返回true

并且,strpos($email, '@')返回你对布尔值进行了整数的类型Integer。


并且,您遗漏了不同的验证消息,例如

  • 用户名必须介于3到15个字符之间
  • 密码必须介于5到25个字符之间
  • 密码不匹配

请处理AJAX的全部成功。

if(data == "Unavailable") {                
}else if(data == 'Email_Exists') {          
}else if (data == 'Username must be between 3 and 15 characters'){
}else if (data == 'Password must be between 5 and 25 characters'){
}else if (data == 'Password are mismatched'){
}else if(data=='Not a valid E-Mail'){
}