我做了注册和登录表格,但遇到一个问题,就是我的密码同时接受小写字母和大写字母。谁能告诉我如何解决此问题。 这是我下面的确认注册码。是否必须先哈希密码才能起作用。我是php的新手
<?php
if(isset($_POST['register'])){
$username = trim(mysqli_real_escape_string($connection, $_POST['username']));
$lastname = trim(mysqli_real_escape_string($connection, $_POST['lastname']));
$email = trim(mysqli_real_escape_string($connection, $_POST['email']));
$password = trim(mysqli_real_escape_string($connection, $_POST['password']));
$password1 = trim(mysqli_real_escape_string($connection, $_POST['password1']));
$sql = "SELECT email FROM users WHERE email='$email'" ;
$result = mysqli_query($connection, $sql) or die($mysqli->error());
if ( $result->num_rows > 0 ) {
echo'
<script type = "text/javascript">
alert("Email Address alrady exists ")
window.location.href = "register.php"
</script> ';
exit();
}
else {
if ($password === $password1){
// add the user if password match
$query = "INSERT INTO users(firstname, lastname, email, pass)
VALUES ('{$username}','{$lastname}', '{$email}', '{$password}') ";
$runNewUser = mysqli_query($connection, $query);
if($runNewUser){
echo'
<script type = "text/javascript">
window.location.href = "getmessage.php"
</script>';
}else{
echo'
<script type = "text/javascript">
alert("Error creating user. Please try again");
</script>';
}
}else{
// trigger error if password do not match
echo'
<script type = "text/javascript">
alert("Password do not match. Please try again ");
</script>
';
}
}
}
?>
这是我下面的确认登录代码
<?php
if(isset($_POST['ulogin'])){
$email = trim(mysqli_real_escape_string($connection, $_POST['email']));
$pass = trim(mysqli_real_escape_string($connection, $_POST['pass']));
$checkUser = "
SELECT * FROM users
WHERE email = '{$email}'
AND pass = '{$pass}'
";
$runCheck = mysqli_query($connection, $checkUser);
if(mysqli_num_rows($runCheck) == 1){
$foundUser = mysqli_fetch_array($runCheck);
$_SESSION['uid'] = $foundUser['id'];
$_SESSION['uname'] = $foundUser['firstname'];
$_SESSION['email'] = $foundUser['email'];
echo'
<script type = "text/javascript">
window.location.href = "dailymessage.php";
</script>
';
}else{
echo'
<script type = "text/javascript">
alert("Email address / Password incorect. Please try again");
</script>
';
}
}
?>
任何帮助将不胜感激。
答案 0 :(得分:0)
默认情况下,mysql不区分大小写。
在下一行if ($password === $password1){之后,如果条件返回true(这意味着如果两个密码匹配,则应像这样$password对$hash = password_hash($password, PASSWORD_DEFAULT);进行哈希处理,并在此行VALUES ('{$username}','{$lastname}', '{$email}', '{$password}') ";中使用$hash变量,它像这样VALUES ('{$username}','{$lastname}', '{$email}', '{$hash}') ";一样存储您的哈希密码。哈希函数PASSWORD_DEFAULT的第二个参数是哈希算法。当前默认算法是bcrypt,但可能更强大的算法是作为以后的默认值添加,并且可能会生成较大的字符串。如果您在项目中使用PASSWORD_DEFAULT,请确保将哈希存储在容量超过60个字符的列中。将列大小设置为255是一个不错的选择,您也可以使用PASSWORD_BCRYPT作为第二个参数,在这种情况下,结果将始终为60个字符。因此,在您输入密码时,对于登录名,应将其与数据集中的哈希版本进行比较。因此,您首先将POST变量放入变量$password中,然后创建另一个变量{ {1}}生成哈希版本并进行检查。请记住,您将哈希存储在数据库中,但这是用户登录时获得的普通密码。
password_verify()函数采用普通密码和哈希字符串作为其两个参数。如果哈希与指定的密码匹配,则返回true。
$hash = password_hash($password, PASSWORD_DEFAULT);有关更多信息,您可以阅读此topic