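Password should be more than 8 characters

Time: 2015-09-13 13:55:45

Tags: php passwords

I am working on an online shopping project.

Users should register their information before logging in, and their details are stored in a database. However, I want the details to be stored in the database only if there are no errors. I want the password to be stored only if it is more than 8 characters long.

Currently, even if the data is fewer than 8 characters, it is still added to the database. The error message is displayed, but the password is still entered into the database.

I am not sure what I am doing wrong. I hope someone can point it out...

Thanks in advance!

I updated my code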

<?php
$server = "localhost";
$uname = "root";
$pwd = "";
$dbname = "SCINFO";

//connecting to mysqli
$connection = mysqli_connect($server, $uname, $pwd, $dbname);

// Check connection
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());//If connection fails, prints msg
}

$uidErr = $pwdErr = "";
$uid = $pwd = "";

if($_SERVER["REQUEST_METHOD"]=="POST"){

    //check if user field is empty
if(empty($_POST["uid"])){
    $uidErr = "UserID required";
}
else{
    //check if userid exist in database
    $query = "SELECT * FROM USER WHERE USER_ID ='".$_POST["uid"]."'";
    $result = mysqli_query($connection, $query);

    if(mysqli_num_rows($result)>0){
        $uidErr = "Username already in use!";
    }
    else{
        $uid = test_input($_POST["uid"]);
    }
}  
if(empty($_POST["pwd"])){
    $pwdErr = "Password is required!";
  }
  else{
      if(strlen($_POST["pwd"]) < 8){
          $pwdErr = "Password must be more than 8 characters!";
      }
      else{
        $pwd = test_input($_POST["pwd"]);
      }
   }
}
 function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
User_ID:
<input type="text" name="uid" placeholder="ex:johndoe22"><font color="red">&nbsp;<br><?php echo $uidErr;?></font>
Password: 
<input type="password" name="pwd" placeholder="********"><font color="red">&nbsp;<br><?php echo $pwdErr;?></font>
</form>
<?php
if(!empty($_POST) || !isset($_POST)){
//insert data
$fields = array('uid', 'pwd');
$fieldErr = array('uidErr', 'pwdErr');
$error = false;

foreach($fieldErr as $fieldnm){
    if(isset($_POST[$fieldnm])){
        echo $fieldnm." Error(Invalid field)!<br>";
        $error = true;
    }
}

echo "<br><br>";

foreach($fields as $fieldname){
    if(empty($_POST[$fieldname])){
        echo $fieldname." Error(Empty field)!<br>";
        $error = true;
    }
}

if(!$error){
    $sql = "INSERT INTO USER (USER_ID, USER_PWD)
        VALUES ('".$_POST["uid"]."','".$_POST["pwd"]."')";

    //check if data is inserted
    if (mysqli_query($connection, $sql)) {
        //print data
        $sqls = "SELECT USER_ID, USER_NAME, USER_PWD FROM USER";
        $result = mysqli_query($connection, $sqls);

        if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while($row = mysqli_fetch_assoc($result)) {
            echo "<br>"." - UserID: " . $row["USER_ID"]." - Username: " . $row["USER_NAME"]. " - Password: " . 
                $row["USER_PWD"];
            }
        } else {
            echo "0 results";
        }
    } else {
        echo "Error: " . $sql . "<br>" . mysqli_error($connection);
     }
   }
}
?>

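2 answers:

Answer 0 (score: 1)

I played around with your code and made some improvements. It is still far from perfect, but it should get you started.

There are too many improvements to summarize.

Code: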

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

// Set DB credentials
define("DBSERV", "localhost");
define("DBUSER", "root");
define("DBPASS", "");
define("DBNAME", "SCINFO");

class DB {

    public $_connection;

    public function __construct($credentials) {
        if (!$this->_connection = mysqli_connect(
                $credentials['server'],
                $credentials['user'],
                $credentials['password'],
                $credentials['database']
        )) {
            die("Connection failed: " . mysqli_connect_error()); //If connection fails, prints msg
        };
    }

    public function query($sql) {
        return mysqli_query($this->_connection, $sql);
    }

    public function error() {
        return mysqli_error($this->_connection);
    }

    public function rows($query) {
        return mysqli_num_rows($query);
    }

    public function fetch($result) {
        return mysqli_fetch_assoc($result);
    }

}

class Validate {

    public static function uid($uid) {
        global $database;

        //check if user field is empty
        if (empty($uid)) {
            return "UserID required";
        }
        //check if userid exist in database
        if ($database->rows($database->query("SELECT * FROM USER WHERE USER_ID ='" . $uid . "'")) > 0) {
            return "Username already in use!";
        }
        return FALSE;
    }

    public static function pwd($pwd) {
        if (empty($pwd)) {
            return "Password is required!";
        }
        if (strlen($pwd) < 9) {
            return "Password must be more than 8 characters!";
        }
        return FALSE;
    }

}

class Strip {

    public static function input($data) {
        // The code of this method can still be improved a lot
        // You should check for attempts at SQL injection
        // See http://php.net/manual/en/security.database.sql-injection.php
        return stripslashes(trim($data));
    }

}

$database = new DB([
    'server' => DBSERV,
    'user' => DBUSER,
    'password' => DBPASS,
    'database' => DBNAME,
]);

$uid = $pwd = $debug = '';
$uidErr = $pwdErr = FALSE;

if (!empty($_POST)) {

    $uid = Strip::input($_POST['uid']);
    $uidErr = Validate::uid($uid);
    $pwd = Strip::input($_POST['pwd']);
    $pwdErr = Validate::pwd($pwd);

    if (!$uidErr && !$pwdErr) {
        $debug = '';

        //check if data is inserted
        $sql = "INSERT INTO USER (USER_ID, USER_PWD) VALUES ('" . $uid . "','" . $pwd . "')";
        if ($database->query($sql)) {
            //print data
            $result = $database->query("SELECT USER_ID, USER_NAME, USER_PWD FROM USER");

            if ($database->rows($result) > 0) {
                // output data of each row
                while ($row = $database->fetch($result)) {
                    $debug .= "<br>" . " - UserID: " . $row["USER_ID"] . " - Username: " . $row["USER_NAME"] . " - Password: " . $row["USER_PWD"];
                }
            } else {
                $debug .= "0 results";
            }
        } else {
            $debug .= "Error: " . $sql . "<br>" . $database->error();
        }
    }
}
?>
<html>
    <head>
        <style>
            .error {
                color : red;
            }
        </style>
    </head>
    <body>
        <form method = "post" action = "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
            <div>
                User_ID: 
                <input type = "text" name = "uid" placeholder = "ex:johndoe22" value = "<?php echo htmlspecialchars($uid, ENT_QUOTES); ?>">
            </div>
            <div class = "error">
                <?php echo $uidErr; ?>
            </div>
            <div>
                Password: 
                <input type="password" name="pwd" placeholder="********" value = "<?php echo htmlspecialchars($pwd, ENT_QUOTES); ?>">
            </div>
            <div class = "error">
                <?php echo $pwdErr; ?>
            </div>
            <div>
                <button type="submit">Submit</button>
            </div>
        </form>
        <div>
            <?php echo $debug; ?>
        </div>
    </body>
</html>

Answer 1 (score: 0)

Before your insert query, check the $pwdErr variable. If it isset, then don't run your query...

if (isset($pwdErr)) {
    // there is an error with password...
}
else {
    // run your insert
}

Yes...

if(strlen($_POST["pwd"]) < 8){

That won't work... here the password has to be less than 8 characters. Try > 8 :)
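
The rule both answers point at, running the INSERT only when validation produced no error, shown as an added example that is not code from the question or from either answer. It uses mysqli prepared statements and password_hash() against the question's USER table; a UNIQUE or PRIMARY key on USER_ID and a USER_PWD column wide enough for the hash (for example VARCHAR(255)) are assumptions.

```php
<?php
declare(strict_types=1);

// Throw mysqli_sql_exception on errors (already the default since PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Returns field => message; an empty array means the input is acceptable. */
function validate_registration(string $uid, string $pwd): array
{
    $errors = [];
    if ($uid === '') {
        $errors['uid'] = 'UserID required';
    }
    if ($pwd === '') {
        $errors['pwd'] = 'Password is required!';
    } elseif (strlen($pwd) <= 8) {   // "more than 8" means 9 or longer
        $errors['pwd'] = 'Password must be more than 8 characters!';
    }
    return $errors;
}

/** Inserts only when validation passed; returns the errors (empty on success). */
function register_user(mysqli $db, string $uid, string $pwd): array
{
    $errors = validate_registration($uid, $pwd);
    if ($errors !== []) {
        return $errors;              // no query is sent at all
    }
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare('INSERT INTO `USER` (USER_ID, USER_PWD) VALUES (?, ?)');
    $hash = password_hash($pwd, PASSWORD_DEFAULT);   // store a hash, not the password
    $stmt->bind_param('ss', $uid, $hash);
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() !== 1062) {   // 1062: duplicate key (assumed UNIQUE on USER_ID)
            throw $e;
        }
        $errors['uid'] = 'Username already in use!';
    }
    return $errors;
}

// Constructed sample inputs for the validation step, which needs no database.
foreach ([['johndoe22', 'short'], ['johndoe22', 'long-enough-pw'], ['', '']] as [$u, $p]) {
    echo json_encode(validate_registration($u, $p)), PHP_EOL;
}
// With the page's connection: $errors = register_user($connection, $uid, $pwd);
```

Letting the unique key reject a duplicate USER_ID, instead of a separate SELECT beforehand, also closes the window in which two simultaneous registrations could both pass the "already in use" check.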