确认密码PHP

时间:2017-11-11 07:47:26

标签: php 

<?PHP
require_once('connect.php');
if(isset($_POST) & !empty($_POST)){
  $username = $_POST['username'];
  $password = $_POST['password'];

  $sql = "INSERT INTO login (username, password) VALUES ('$username', 
'$password')";
  $result = mysqli_query($connection, $sql);

  if ($result){
    $smsg = "User Registration successful, Redirecting to Login."; 
  } else {
    $fmsg = "User Registation failed";
  }
}
?>

    <label for="inputEmail" class="sr-only">Email address</label>
    <input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address">

    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password">

    <label for="inputPassword" class="sr-only">Password</label>
    <input type="password" name="cpassword" id="inputPassword" class="form-control" placeholder="Confirm password">
    <div id="Passwordsmatch">
    </div>  

    <button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
    <br>
    <p class="haveanacc">Already have an account? <a href="login.php">Login</a></p>
  </form>
</div>

我需要密码验证帮助确保密码=== confirmmpassword。 如何使密码字段必须等于确认密码字段,或$ fmsg / echo密码不匹配。

尝试了很多不同的事情似乎没什么用。我对PHP比较陌生。

3 个答案:

答案 0 :(得分:1)

试试这个:

<?PHP
require_once('connect.php');
if(isset($_POST) & !empty($_POST)){
$username = $_POST['username'];
$password = $_POST['password'];

然后添加

$cpassword = $_POST['cpassword'];
if($password == $capssword){

...... Your rest of the code

}

答案 1 :(得分:0)

请注意语法。

if ($a & $b) {
// is not equal to
if ($a && $b) 

// notice && vs &

首先,您需要清理用户输入。你在那里做的很容易就是一个sql注入安全问题。有一些工具可以为您提供用户输入的清理功能,但是对于这个小例子,我们假设您只需要用户名和密码的字母数字字符。 您也可以在此处http://docs.kisphp.net/database-connect/使用本教程并使用OOP

没有特殊字符

<?php
// rest of the code here
function sanitize($input) // this should be in a different file
{
    return preg_replace('/([^a-zA-Z0-9]+)/', '', $input);
}

$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
$password_confirm = sanitize($_POST['password_confirm']);

if (strcmp($password, $password_confirm) !== 0) {
    die('Password do not match');
    // or add the message in flash session and redirect user
}

// if everything is fine
$sql = "INSERT INTO users SET ";
$sql .= sprintf("username = '%s', ", $username);
$sql .= sprintf("password = '%s'", md5($password));
// instead of md5 you can use some other algorithm

$result = mysqli_query($mysqli_connection, $sql) or die(mysqli_error($mysqli_connection));

if (mysqli_insert_id($mysqli_connection) > 0) {
    echo "Success";
    // make redirect here
} else {
    // display error here
}

我建议你尽可能多地使用OOP。有一些ORM可以成功使用,并提供比普通php更多的反馈。如果您不知道如何操作,请按照上面的网址中的教程进行操作,这将使您更清楚。

P.S。我没有使用过程方法,因此如果您复制粘贴此代码,可能会出现一些错误。

P.P.S

我看到很多像这样比较的例子:

if ($a == $b)

不要这样做

如果您运行此代码:

if ($any_string == 0) {
    echo "this will always be shown, no matter what you have in variable";
}

使用strcmp===

答案 2 :(得分:-1)

再添加一个字段con_password。用于密码确认

if(isset($_POST)){
$username = $_POST['username'];
$password = $_POST['password'];
$con_password = $_POST['con_password'];
 if($password == $con_password){
$sql = "INSERT INTO login (username, password) VALUES ('$username', 
'$password')";
$result = mysqli_query($connection, $sql);
if ($result){
$smsg = "User Registration successful, Redirecting to Login."; 
} else {
$fmsg = "User Registation failed";`
}
}}
相关问题
最新问题