尝试使用用户名和密码进行注册时,我的应用程序收到registration failed
错误。这些是正在使用的功能。
index.php(尝试使用任何用户名或密码注册时收到registration failed
警报)
// the functions you call inside the switch are found in the api.php file
switch ($_POST['command']) {
case "login":
login($_POST['username'], $_POST['password']);
break;
case "register":
register($_POST['username'], $_POST['password']);
break;
api.php
// register API
function register($user, $pass) {
//check if username exists in the database (inside the "login" table)
$login = query("SELECT username FROM login WHERE username='%s' limit 1", $user);
if (count($login['result'])>0) {
//the username exists, return error to the iPhone app
errorJson('Username already exists');
}
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
if (!$result['error']) {
//registration is susccessfull, try to also directly login the new user
login($user, $pass);
} else {
//for some database reason the registration is unsuccessful
errorJson('Registration failed');
}
}
//login API
function login($user, $pass) {
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
if (count($result['result'])>0) {
// a row was found in the database for username/pass combination
// save a simple flag in the user session, so the server remembers that the user is authorized
$_SESSION['IdUser'] = $result['result'][0]['IdUser'];
// print out the JSON of the user data to the iPhone app; it looks like this:
// {IdUser:1, username: "Name"}
print json_encode($result);
} else {
// no matching username/password was found in the login table
errorJson('Authorization failed');
}
}
奇怪的是,当index.php
中的密码参数更改为诸如register($_POST['username'], $_POST['_Any_Random_String']);
这样的任意字符串时,注册和登录过程正常工作,唯一的事情是密码未插入数据库,并且可以使用所选的用户名和任何已设置的密码登录。
case "login":
//authenticates user but password isn't uploaded
login($_POST['username'], $_POST['_Any_Random_String']);
break;
//authenticates user but password isn't uploaded
case "register":
register($_POST['username'], $_POST['_Any_Random_String']);
break;
编辑 上面的代码允许用户joey
使用用户名joey
和输入的任何密码进行注册和登录。如果joey使用密码1234
注册,即使他使用密码12345678
注册,他也将能够使用密码1234
或任何密码登录。另外,密码1234
或密码字段中的任何输入都不会存储到数据库中。
应用程序如何根据需要通过$_POST['password']
发布密码?
更新
查尔斯代理输出
command register
username fxjzfnfx
password ®0i!0öºk}p«)ÛèGS¡{
{
"error": "Registration failed"
}
答案 0 :(得分:1)
替换此
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
到
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES(" . $user . "," . $pass . ")");
然后替换
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
到
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username=". $user . " AND pass=" . $pass ." limit 1");
答案 1 :(得分:0)
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
在这里检查您的最后一个查询正在执行什么。您是否同时获得这两个值。您的表中还可能需要其他一些字段。