我寫了一個PHP註冊/登錄系統,工作正常。不過,我想補充一些服務器端錯誤檢查,以防止簽約,而無需輸入密碼的用戶,來檢查密碼字段匹配,等等。這裏是我的代碼:PHP註冊腳本不工作
<?php
session_start();
// retrieve data via POST
$username = $_POST['username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$userLoc = $_POST['userLoc']; // user location is a field on the submitted form
include("config.php");
$username = mysqli_real_escape_string($conn, $username); // clean username input
// ensure that the two password fields match
if ($pass1 != $pass2) {
header('Location: ../');
die();
}
// ensure that the user didn't bypass maxlength for username
if(strlen($username) > 30) {
header('Location: ../');
die();
}
// ensure that the user actually entered a password
if(strlen($pass1<3) || strlen($pass2<3)) {
header('Location: ../');
die();
}
// check if username already taken
// I'm using a session variable that causes a div to be displayed on index.php to indicate username taken
// (I also have AJAX username check already implemented)
$query = "SELECT 1 FROM users WHERE username='$username'";
$result = mysqli_query($conn,$query);
if ($result && mysqli_num_rows($result) > 0) {
$_SESSION['usernameTaken'] = 1;
header('Location: ../');
}
// create hash for password
$hash = hash('sha256', $pass1);
// create salt for password
function createSalt()
{
$string = md5(uniqid(rand(), true));
return substr($string, 0, 3);
}
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);
$userLoc = mysqli_real_escape_string($conn, $userLoc);
$query = "INSERT INTO users (username, password, salt, userLoc) VALUES ('$username' , '$hash' , '$salt' , '$userLoc');";
mysqli_query($conn,$query);
mysqli_close();
header('Location: ../');
?>
這裏的問題,我無法弄清楚:在那裏有die();
聲明,如果滿足任何條件(密碼不匹配,用戶名已存在等),腳本實際上會自行終止,它將被正確地重定向到index.php (../
),並且用戶名不會添加到數據庫中。但是,即使沒有觸發錯誤檢查邏輯(換句話說,用戶名可用,密碼匹配等),用戶名也不會被添加到數據庫中。我能夠得到任何東西添加到數據庫的唯一方法是通過擺脫每個die()
語句,但這使得它沒有錯誤檢查工作(例如,我可以輸入不匹配的密碼,並且用戶名將仍然被添加到數據庫,以及散列pass1
)。
我認爲這是因爲die()
語句正在觸發,即使給定的if
語句不計算爲真。有什麼建議麼?
非常感謝!這使我能夠發現錯誤在我的部分中,用於「確保用戶實際輸入密碼」。 (該腳本在到達該部分時終止。)我的後續問題是:任何想法爲什麼這不起作用? – andrewmc 2012-08-05 22:41:00
這行:'strlen($ pass1 <3)|| strlen($ pass2 <3)'看起來不對。這樣做:'if(strlen($ pass1)<3 || strlen($ pass2)<3)' – David 2012-08-05 22:42:17
我仔細查看了這段代碼,我簡直不敢相信我沒注意到..謝謝! – andrewmc 2012-08-05 22:45:39