1
所以我目前正在學習PHP,並且使用POST方法創建一個帶有註冊表單的簡單PHP頁面。在表單提交時,頁面密碼(使用phpass),驗證用戶名是否有效(也就是說,當前不存在於數據庫中),如果是,則插入。我的代碼插入新行,但我沒有看到存儲用戶名或散列值的值。這裏的PHP:通過PHP插入MySQL數據庫只有一半工作
require("PasswordHash.php");
$unSuccess = false;
$pwSuccess = false;
$registerSuccess = false;
$spamSuccess = false;
$database = "XXXXXXX";
$username = "XXXXXXX";
$password = "XXXXXXX";
$server = "XXXXXXX";
$db = new mysqli($server, $username, $password, $database);
$user = "";
$pass = "";
if (mysqli_connect_errno())
{
printf("Connection failed: %s\n", mysqli_connect_error());
exit();
}
if($_POST["usr"] && !$unSuccess){
$un = $_POST["usr"];
if(strlen($un) < 20){
//Verify Username is valid
if(preg_match("/([A-Za-z0-9])/", $un) == 1){
//Username is valid, check if it already exists in db.
$unCheckQuery = "SELECT USERS.Username FROM USERS WHERE USERS.Username = '$un'";
$result = $db->query($unCheckQuery);
$num = $result->num_rows;
$result->close();
if($num != 0){ $errUsername = "Username already exists."; $unSuccess = false; }
}
else{
//Username is valid and not taken
$user = $un;
$unSuccess = true;
}
}
}
if($_POST["password"] && !$pwSuccess){
//verify and hash pw
$pw = $_POST["password"];
if(str_len($pw) > 72){die("Password must be shorter than 72 characters");}
$hasher = new PasswordHash(8, false);
$hash = $hasher->HashPassword($pw);
if(strlen($hash) >= 20 && preg_match($pattern, $pw) == 1){
$pass = $hash;
echo $pass;
$pwSuccess = true;
}
else{
$pwSuccess = false;
}
}
if($_POST["spam"]){
$s = $_POST["spam"];
if($s != 10){
$spamSuccess = false;
}
else if($s == 10) {$spamSuccess = true;}
}
if($unSuccess = true && $pwSuccess = true && $spamSuccess = true){
$registerQuery = "INSERT INTO USERS(Username, phash) VALUES('$user', '$pass')";
//This line is breaking evrything.
$db->query($registerQuery);
}
我使用的表單是一個簡單的HTML表單。我明顯的原因忽略了登錄信息。任何指針正確的方向將不勝感激!
'$ unSuccess = true'正在分配,而不是比較。 –
您可能需要仔細檢查您的用戶名「驗證」邏輯。你的'if'和'else'子句都說'//用戶名是有效的',所以你可能會混淆自己到底發生了什麼。另外,你是否看到輸出中顯示的散列密碼是'echo $ pass;'的結果? –
什麼是'str_len'?什麼是'$模式'?你在quering之前檢查過'$ user','$ pass'的值嗎?他們肯定是空的。 –