首先让我说我对此非常陌生。我正在尝试开发一个没有真正经验的移动应用程序和网站。可能有些东西我错过了或者我做错了但是我似乎无法确定问题所在。在创建我自己之前,我按照视频指南(将演示文件下载到我的计算机上)但似乎无法连接到我的数据库。我还复制了演示文件并将它们放入我的代码中,它仍然让我抓住了一个部分。我使用程序MAMP进行连接,使用Brackets代码。以下是我的会话文件:
数据库连接 -
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "root";
$dbName = "Login System";
$con = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
我的注册文档 -
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
echo <h2>Please fill in all fields;
exit ();
} else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
} else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
} else {
//Hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO users (first, last, email, uid, pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: ../signup.php");
exit();
}
?>
我的登录表
<?php
include_once 'header.php';
?>
<section class="main-container">
<div class="main-wrapper">
<h2>Signup</h2>
<form class="signup-form" action="includes/signup.inc.php" method="POST">
<input type="text" name="first" placeholder="Firstname">
<input type="text" name="last" placeholder="Lastname">
<input type="text" name="email" placeholder="E-mail">
<input type="text" name="uid" placeholder="Username">
<input type="password" name="pwd" placeholder="Password">
<Button type="submit" name="submit">Sign up</Button>
</form>
</div>
</section>
<?php
include_once 'footer.php';
?>
我已重置&#39; root&#39;的密码到了&#39; root&#39;并确保我可以登录。如果任何字段为空,检查错误列表的文档将返回上一页,其中包含&#34; = empty&#34;在网址中。无论我在我的字段中键入什么内容,都要么不将信息推送到数据库中,要么我错误地映射了我的字段,因此其中一个数据库字段为空。
非常感谢任何帮助。正如我在本文开头所说,我对此非常陌生。你可能会看到一些非常明显且有些愚蠢的东西......你已被警告过了!我正在创建一个允许用户登录的移动应用程序和网站。登录尝试将引用我的localhost数据库以确认用户不存在或用户未在使用中。
谢谢!
答案 0 :(得分:1)
要检查连接处理,可以在连接尝试后添加:
$conn = mysqli_connect( ... );
if ( !$conn ) {
die( 'Did not connect: ' . mysqli_connect_error() );
}
要在查询后检查处理,可以在查询尝试后添加:
$result = mysqli_query( $conn, $sql );
if (false === $result) {
die( 'Query error: ' . mysqli_error($conn) );
}
答案 1 :(得分:0)
立即使用php -l我在includes/signup.inc.php文件中的代码中发现了一些错误。
未引用行echo <h2>Please fill in all fields;,当我尝试加载页面时会导致错误500。要解决此问题,我添加了单引号echo '<h2>Please fill in all fields</h2>';并添加了</h2>来关闭HTML标记。
修复后,页面将返回 Please fill in all fields ,即使我填写了注册表单中的所有字段。要解决此问题,我将mysqli_real_escape_string($conn, $_POST['POST_DATA']);更改为strip_tags(trim($_POST['POST_DATA']));。
电子邮件地址略有不同,mysqli_real_escape_string($conn, $_POST['email']);更改为filter_var(trim($_POST['email'], FILTER_SANITIZE_EMAIL));
我还更改了$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);(PHP文档:http://php.net/manual/en/function.password-hash.php)行以添加salt。什么是盐?
在密码学中,salt是随机数据,用作附加数据 输入单向函数&#34;哈希&#34;密码或密码。 盐与nonce的概念密切相关。首要的 盐的功能是防止字典攻击或反对 它的哈希等价物,预先计算的彩虹表攻击。
来源:en.wikipedia.org/wiki/Salt_(cryptography)
另请参阅stackexchange / security中的这篇文章以获取更多信息链接:https://security.stackexchange.com/a/51983
新的includes/signup.inc.php文件
<?php
if (isset($_POST['submit'])) {
include_once 'dbh.inc.php';
$first = strip_tags(trim($_POST['first']));
$last = strip_tags(trim($_POST['last']));
$email = filter_var(trim($_POST['email'], FILTER_SANITIZE_EMAIL));
$uid = strip_tags(trim($_POST['uid']));
$pwd = strip_tags(trim($_POST['pwd']));
//Error handlers
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
echo '<h2>Please fill in all fields</h2>'; // was echo <h2>Please fill in all fields; which would cause an error 500
exit ();
}
else {
//Check if input characters are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
}
else {
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usertaken");
exit();
}
else {
//Hashing the password
$options = [
'cost' => 12,
];
$hashedPwd = password_hash($password, PASSWORD_BCRYPT, $options); // Adding salt to hashed password
//Insert the user into the database
$sql = "
INSERT INTO users (first, last, email, uid, pwd)
VALUES ('" . $first . "',
'" . $last . "',
'" . $email . "',
'" . $uid . "',
'" . $hashedPwd . "');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else {
header("Location: ../signup.php");
exit();
}
?>
另外,学习如何使用mysqli的OOP样式来执行更复杂的数据库操作是个好主意
关于mysqli的PHP文档:php.net/manual/en/mysqli.query.php
添加一列作为序列号以允许稍后使用此MySQL查询为用户编辑值也是一件好事:
ALTER TABLE `users` ADD `serial` INT PRIMARY KEY AUTO_INCREMENT;