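Inserting into a MySQL database from PHP

Time: 2017-01-16 10:28:49

Tags: php mysql email hash

I created a mail server with dovecot, postfix and mysql. Users should be able to create new mail addresses through a PHP web page, which inserts the data into the MySQL database. It does insert it into the database, but connecting to the mail server with those credentials does not work. When I insert the same thing directly into the database myself, it works. Could you take a look at the code and tell me what might be wrong? I think it has something to do with the password hash generation with doveadm.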

<?php
    ob_start();
    session_start();
    if( isset($_SESSION['user'])!="" ){
            header("Location: home.php");
    }
    include_once 'dbconnect.php';

    $error = false;

    if ( isset($_POST['btn-signup']) ) {

            // clean user inputs to prevent sql injections
            $name = trim($_POST['name']);
            $name = strip_tags($name);
            $name = htmlspecialchars($name);

            $email = trim($_POST['email']);
            $email = strip_tags($email);
            $email = htmlspecialchars($email);

            $pass = trim($_POST['pass']);
            $pass = strip_tags($pass);
            $pass = htmlspecialchars($pass);

            // basic name validation
            if (empty($name)) {
                    $error = true;
                    $nameError = "Please enter your full name.";
            } else if (strlen($name) < 3) {
                    $error = true;
                    $nameError = "Name must have atleat 3 characters.";
            } else {
                    // check whether the username already exists
                    $query = "SELECT username FROM accounts WHERE username='$name'";
                    $result = mysql_query($query);
                    $count = mysql_num_rows($result);
                    if($count!=0){
                            $error = true;
                            $nameError = "Benutzeraccount existiert schon.";
                    }
            }

            //basic email validation
            if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
                    $error = true;
                    $emailError = "Please enter valid email address.";
            } else {
                    // check email exist or not
                    $query = "SELECT resetmail FROM accounts WHERE resetmail='$email'";
                    $result = mysql_query($query);
                    $count = mysql_num_rows($result);
                    if($count!=0){
                            $error = true;
                            $emailError = "Kontakt E-Mail Adresse bereits in Verwendung.";
                    }
            }
            // password validation
            if (empty($pass)){
                    $error = true;
                    $passError = "Please enter password.";
            } else if(strlen($pass) < 6) {
                    $error = true;
                    $passError = "Password must have atleast 6 characters.";
            }

            // hash the password with doveadm (SHA512-CRYPT scheme)
            $password = shell_exec('/usr/bin/doveadm pw -s SHA512-CRYPT -p '. $pass);


            // if there's no error, continue to signup
            if( !$error ) {

                    $query = "INSERT INTO accounts(username,domain,at,complete,resetmail,password,quota,enabled,sendonly) VALUES('$name','chillihorse.de','@','test','$email','$password','2048','1','0')";

                    $res = mysql_query($query);


                    if ($res) {
                            $errTyp = "success";
                            $errMSG = "Successfully registered, you may login now";
                            unset($name);
                            unset($email);
                            unset($pass);
                    } else {
                            $errTyp = "danger";
                            $errMSG = "Something went wrong, try again later...";
                    }

            }


    }
?>
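
An added example, not part of the original post or the poster's code: one way to store the same `{SHA512-CRYPT}` format without `shell_exec`, which returns the command's output with its trailing newline and hands the unquoted password to a shell, and to insert the row with bound parameters. It swaps `doveadm pw` for PHP's `crypt()` and the `mysql_*` calls for PDO; the `$db` handle and the sample password are assumptions, and the table and column names come from the INSERT in the post.

```php
<?php
// Added example, not the poster's code. Table and column names are taken from
// the INSERT in the post; the PDO handle is an assumption (the post uses mysql_*).

// Build a "{SHA512-CRYPT}$6$..." value with PHP's crypt() instead of shelling
// out to doveadm: no shell parsing of the password, no trailing newline.
function dovecot_sha512_crypt(string $plain): string
{
    // 12 random bytes -> 16 base64 chars; map '+' to '.' for the crypt alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($plain, '$6$' . $salt . '$');
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('crypt() did not produce a SHA-512 hash');
    }
    return '{SHA512-CRYPT}' . $hash;
}

// Insert the account with bound parameters. The password is hashed exactly as
// typed: trim/strip_tags/htmlspecialchars would change what gets hashed.
function create_account(PDO $db, string $name, string $email, string $pass): bool
{
    $stmt = $db->prepare(
        'INSERT INTO accounts
           (username, domain, at, complete, resetmail, password, quota, enabled, sendonly)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    return $stmt->execute([
        $name, 'chillihorse.de', '@', 'test', $email,
        dovecot_sha512_crypt($pass), '2048', '1', '0',
    ]);
}

// Offline check with a constructed password containing shell and HTML metacharacters.
$plain  = 'p&ss w0rd; $HOME <x>';
$stored = dovecot_sha512_crypt($plain);
$crypt  = substr($stored, strlen('{SHA512-CRYPT}'));

// 1) the hash against the password as typed
var_dump(password_verify($plain, $crypt));
// 2) the same hash against the htmlspecialchars() form of the password
var_dump(password_verify(htmlspecialchars($plain), $crypt));
// 3) the hash with a trailing newline appended, as shell_exec output would carry
var_dump(password_verify($plain, $crypt . "\n"));
```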

0 answers:

No answers