0
我清理用戶名輸入像這樣:建議您清理密碼輸入嗎?
function clean($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
我正在使用PDO格式準備的語句和散列密碼,所以它仍然是可取的也是乾淨的密碼輸入?
以下是代碼。要小心,它是未完成的這一刻,也非常混亂。
<?php
// start session
session_start();
?>
<!DOCTYPE html>
<head>
<link href='css/verify-id.css' rel='stylesheet'>
</head>
<body>
<?php
function clean($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// set or enter password
if (isset($_POST['password']) && empty($_POST['password'])) {
$error = 'A password is required.';
$identity = '';
$tip = '';
$prompt = '';
} else if (isset($_POST['password']) && !empty($_POST['password'])) {
//echo '<br>SESSION idPersist<br>'.$_SESSION['idPersist'];
//echo '<br><br>POST password<br>'.$_POST['password'];
$password = $_SESSION['password'];
$idPersist = $_SESSION['idPersist'];
include 'include/database-connection.php';
if ($_SESSION['prompt'] === 'Enter Password') {
//echo '<br><br>SESSION prompt is Enter Password';
// compare password
$sql = 'SELECT pass FROM guests WHERE id = :id';
$stmt = $conn->prepare($sql);
$stmt->bindParam(':id', $idPersist);
$conn->exec($sql);
} else if ($_SESSION['prompt'] === 'Set Password') {
echo '<br><br>SESSION prompt is Set Password';
/*
// set password
$sql = 'INSERT INTO guests (pass)
VALUES (:password)';
$stmt = $conn->prepare($sql);
$stmt->bindParam(':password', $password);
//$conn->exec($sql);
*/
}
$conn = null;
/*
$error = '';
$identity = '';
$tip = '';
$prompt = '';
*/
}
// enter id
if (!isset($_POST['password']) && empty($_POST['id'])) {
$error = 'An ID is required.';
} else if (!isset($_POST['password']) && !empty($_POST['id'])) {
include 'include/database-connection.php';
$id = clean($_POST['id']);
$sql = 'SELECT id, pass FROM guests WHERE id = :id';
$stmt = $conn->prepare($sql);
$stmt->bindParam(':id', $id);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
$_SESSION['idPersist'] = $id;
$identity = 'password';
$tip = 'Password';
$error = '';
if (is_null($result['pass'])) {
$prompt = 'Set Password';
$_SESSION['prompt'] = 'Set Password';
} else {
$prompt = 'Enter Password';
$_SESSION['prompt'] = 'Enter Password';
}
} else {
$prompt = 'Enter Valid ID';
}
$conn = null;
}
}
?>
<form
accept-charset ='UTF-8'
action ='<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>'
autocomplete ='off'
enctype ='application/x-www-form-urlencoded'
method ='post'
target ='_self'>
<input
autofocus
id ='<?php
if (empty($identity)) {
echo 'id';
} else {
echo $identity;
}
?>'
name ='<?php
if (empty($identity)) {
echo 'id';
} else {
echo $identity;
}
?>'
placeholder ='<?php
if (empty($tip)) {
echo 'ID';
} else {
echo $tip;
}
?>'
required
size ='25'
title ='<?php
if (empty($tip)) {
echo 'ID';
} else {
echo $tip;
}
?>'
type ='text'>
<span><?php echo $error; ?></span>
<input
id ='submit'
name ='submit'
type ='submit'
value ='<?php
if (empty($prompt)) {
echo 'Enter ID';
} else {
echo $prompt;
}
?>'>
</form>
</body>
</html>
不,不這樣做。此外,該功能通常被錯誤地使用,請小心。 – chris85
將您使用的密碼應用於只用於散列的密碼,您會獲得什麼? –
@HubertGrzeskowiak我不確定你的意思?我計劃對密碼進行哈希處理,但是我不確定是否在破壞之前進行了密碼哈希處理? – Anthony