密码验证不允许在php

时间:2017-09-26 08:28:56

标签: php validation

我的应用程序中有一个密码字段。我使用了欧芹验证。但是,除了必填字段之外,我没有给出任何验证。所以它允许所有角色。但是,我想清理密码而不允许用户添加空格。如果他们尝试过,则应显示错误消息。密码字段应包含至少1个数字。

这是我的代码:

<?php
require('../config.php'); 
if(!isset($_SESSION['can_access']) || $_SESSION['can_access'] !== true ) 
    header('Location: login.php'); 
ob_start(); 
global $DB, $USER; 
$id=$USER->id; 
$clientid=$_GET['id'];

$errorMessage  = '';
$successMessage = ''; 
if(isset($_SESSION['successMessage'])) 
    { 
        $successMessage = $_SESSION['successMessage']; 
        unset($_SESSION['successMessage']); 
    }
if(isset($_POST['register'])) { 
    $errors = array(); 
    $data = array(); 
    $chk_sql = "SELECT * FROM {user} u where username = ?"; 
    if (!empty($chk_sql) ) {
        $errorMessage='Username already taken';
    }
    if(!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username'])) ) 
        { 
            $insert_record = new stdClass(); 
            $insert_record->username = $_POST['username']; 
            $insert_record->firstname = $_POST['firstname']; 
            $insert_record->email = $_POST['email']; 
            $insert_record->password = password_hash($_POST['password'], PASSWORD_DEFAULT); 
            $insert_record->mnethostid = 1;
            $insert_record->confirmed = 1; 
            $insert_record->idnumber = 2;       
            $insert_record->maildisplay = $clientid; 
            //$insert_record->timecreated = date('Y-m-d'); 
            if( $result = $DB->insert_record('user', $insert_record) ) 
                { 
                    $_SESSION['successMessage'] = "record created successfully"; 
                    header('Location: clients.php'); 

                }
        }
}
?> 

这是我的密码按钮:

<div class="form-group has-feedback"> 
<input id="signupInputPassword" type="password" name="password" placeholder="Password" autocomplete="off" required class="form-control" > 
<span class="fa fa-lock form-control-feedback text-muted"></span> 
</div> 

任何人都可以帮助我吗?

提前致谢。

1 个答案:

答案 0 :(得分:2)

if (isset($_POST['register'])) {

$password = $_POST['password'];

if (preg_match('/\s/', $password)) {

    echo "password has whitespace";

} else {

    if (strlen($password) <= '8') {
        echo "Your Password Must Contain At Least 8 Characters!";
    } elseif (!preg_match("#[0-9]+#", $password)) {
        echo "Your Password Must Contain At Least 1 Number!";
    } elseif (!preg_match("#[A-Z]+#", $password)) {
        echo "Your Password Must Contain At Least 1 Capital Letter!";
    } elseif (!preg_match("#[a-z]+#", $password)) {
        echo "Your Password Must Contain At Least 1 Lowercase Letter!";
    }

    $errors  = array();
    $data    = array();
    $chk_sql = "SELECT * FROM {user} u where username = ?";
    if (!empty($chk_sql)) {
        $errorMessage = 'Username already taken';
    }
    if (!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username']))) {
        $insert_record              = new stdClass();
        $insert_record->username    = $_POST['username'];
        $insert_record->firstname   = $_POST['firstname'];
        $insert_record->email       = $_POST['email'];
        $insert_record->password    = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $insert_record->mnethostid  = 1;
        $insert_record->confirmed   = 1;
        $insert_record->idnumber    = 2;
        $insert_record->maildisplay = $clientid;
        //$insert_record->timecreated = date('Y-m-d');
        if ($result = $DB->insert_record('user', $insert_record)) {
            $_SESSION['successMessage'] = "record created successfully";
            header('Location: clients.php');

        }
    }
}

}