确认密码无效

时间:2015-11-28 17:50:11

标签: php html validation

我有这个HTML格式:

<form class="signup-form" action="action/register.php" method="post">
                            <input type="text" class="input" name="user" id="user_name" autocomplete="off" placeholder="Username" required="true">
                            <input type="text" class="input" name="nome" id="name" autocomplete="off" placeholder="Nome" required="true">
                            <input type="password" class="input" name="pass" id="user_pass" autocomplete="off" placeholder="Password" required="true">
                            <input type="password" class="input" name="cpass" id="user_cpass" autocomplete="off" placeholder="Confirme a Password" required="true">
                            <input type="submit" class="button" name="submit" value="Sign Up">
                        </form

并且action / register.php是这样的:

global $db;
    $username=trim($_POST['user']);
    $nome=trim($_POST['nome']);
    $password=trim($_POST['pass']);
    $cpassword=trim($_POST['cpass']);



    if(strcmp($password,$cpassword)!==0) {
        echo "<script> window.location.assign('../errors/password_error.php'); </script>";
        //header('Location: ../errors/password_error.php');
    }

    $stmt = $db->prepare('SELECT username FROM utilizador');
    $stmt->execute();
    $result = $stmt->fetchAll();
    foreach ($result as $row) {
        if($row['username'] === $username){
            header('Location: ../errors/username_error.php');
        }
    }

当我插入已存在的用户名时,它会将我成功重定向到errors / username_error.php,但是当我插入一个与pass不同的cpass时,它会接受它,当它不应该时(我已经尝试了两个和标题)。

有什么建议吗?

PS:我已经尝试过if($ password!== $ cpassword)

PPS:我想我解决了,但我不明白为什么,是吗? 这是我的整个register.php: 

<?php
include_once('../database/connection.php'); // connects to the database
session_start();                         // starts the session

function NewUser()
{
    global $db;
    $username=trim($_POST['user']);
    $nome=trim($_POST['nome']);
    $password=trim($_POST['pass']);
    $cpassword=trim($_POST['cpass']);

    if($password !== $cpassword) {
        //echo "<script> window.location.assign('../errors/password_error.php'); </script>";
        header('Location: ../errors/password_error.php');
    }

    else{
        $stmt = $db->prepare('SELECT username FROM utilizador');
        $stmt->execute();
        $result = $stmt->fetchAll();
        foreach ($result as $row) {
            if($row['username'] === $username){
                header('Location: ../errors/username_error.php');
            }
        }



        $img = rand(0,10);

        $stmt = $db->prepare("INSERT INTO utilizador (username,nome,password,img) VALUES (:username,:nome,:password,:img)");
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':nome', $nome);
        $stmt->bindParam(':password', $password);
        $stmt->bindParam(':img', $img);
        if($stmt->execute()){  
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $username;
            $_SESSION['img'] = $img;
            header('Location: ../main.php');
        }
    }
}


if(isset($_POST['submit'])){
NewUser();
}
?>

然后我把它改成了这个(摆脱了这个功能)并且有效了! 

<?php



include_once('../database/connection.php'); // connects to the database
session_start();                         // starts the session

if(isset($_POST['submit'])){
global $db;
    $username=trim($_POST['user']);
    $nome=trim($_POST['nome']);
    $password=trim($_POST['pass']);
    $cpassword=trim($_POST['cpass']);

    if($password !== $cpassword) {
        //echo "<script> window.location.assign('../errors/password_error.php'); </script>";
        header('Location: ../errors/password_error.php');
    }

    else{
        $stmt = $db->prepare('SELECT username FROM utilizador');
        $stmt->execute();
        $result = $stmt->fetchAll();
        foreach ($result as $row) {
            if($row['username'] === $username){
                header('Location: ../errors/username_error.php');
            }
        }



        $img = rand(0,10);

        $stmt = $db->prepare("INSERT INTO utilizador (username,nome,password,img) VALUES (:username,:nome,:password,:img)");
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':nome', $nome);
        $stmt->bindParam(':password', $password);
        $stmt->bindParam(':img', $img);
        if($stmt->execute()){  
            $_SESSION['loggedin'] = true;
            $_SESSION['username'] = $username;
            $_SESSION['img'] = $img;
            header('Location: ../main.php');
        }
    }
}

?>

2 个答案:

答案 0 :(得分:1)

尝试:

if(strcmp($password,$cpassword)!=0)

而不是:

if(strcmp($password,$cpassword)!==0)

我不能保证工作,因为我有点新的PHP

答案 1 :(得分:0)

线索1: 数据库中的密码是否加密?如果是,您应该在输入密码之前对其进行加密。

线索2:

您可以使用相同的技术查找您的用户名和密码。你可以这样做。

$stmt = $db->prepare('SELECT username, password FROM utilizador');
    $stmt->execute();
    $result = $stmt->fetchAll();
    foreach ($result as $row) {
        if($row['username'] === $username){
            header('Location: ../errors/username_error.php');
        }

        if($row['password'] === $password){
            header('Location: ../errors/password_error.php');
        }
}

线索3: 您是否尝试清除register.php中的浏览器缓存?

<?php
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
相关问题
最新问题