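I finished making a PHP/MySQL login system. I also made a working registration system, but I need to print the errors in the HTML if the email/username is already registered, or the username or password is missing from the input, and so on.
As it is now, it just dies and prints the error message on a blank page.
It looks like this: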
if(empty($_POST['password']))
{
    die("Please enter a password");
}
I tried this:
$errors = array();
if(empty($_POST['password']))
{
    $errors[] = 'Please enter a password';
}
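and then printing it out in the HTML. But it ignores the password input and just registers the user account (with an encrypted password, in phpMyAdmin).
It seems to come down to the die, but how should I do this?
Here is the whole code: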
<?php
require("*mysql_connection file*");
if(!empty($_POST))
{
    if(empty($_POST['username']))
    {
        die("Please enter a username.");
    }
    $errors = array();
    if(empty($_POST['password']))
    {
        $errors[] = 'Please enter your password';
    }
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
    {
        die("Invalid E-Mail Address");
    }
    $query = "
        SELECT
            1
        FROM users
        WHERE
            username = :username
    ";
    $query_params = array(
        ':username' => $_POST['username']
    );
    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if($row)
    {
        die("This username is already in use");
    }
    $query = "
        SELECT
            1
        FROM users
        WHERE
            email = :email
    ";
    $query_params = array(
        ':email' => $_POST['email']
    );
    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }
    $row = $stmt->fetch();
    if($row)
    {
        die("Email already registered.");
    }
    $query = "
        INSERT INTO users (
            username,
            password,
            salt,
            email
        ) VALUES (
            :username,
            :password,
            :salt,
            :email
        )
    ";
    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
    $password = hash('sha256', $_POST['password'] . $salt);
    for($round = 0; $round < 65536; $round++)
    {
        $password = hash('sha256', $password . $salt);
    }
    $query_params = array(
        ':username' => $_POST['username'],
        ':password' => $password,
        ':salt' => $salt,
        ':email' => $_POST['email']
    );
    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }
    header("Location: *login page*");
    die("Redirecting to *login page*");
}
?>
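2 Answers
It would mean rewriting your whole code. The main remark is to use openssl_random_pseudo_bytes rather than your own thing to make up the salt, or you can take an IV from the mcrypt family of functions.
Try this: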
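One way to collect the errors and gate the INSERT on them, as an added example that is not the answerer's code or the asker's: every check appends to $errors, and the account is only created when the list is empty. Assumptions: the function name register_user is hypothetical, an in-memory SQLite table stands in for the MySQL connection file, and password_hash() is swapped in for the salted sha256 loop, so there is no separate salt column.

```php
<?php
// Added example. Collects every validation error in $errors instead of
// calling die(), and only runs the INSERT when $errors is empty.
function register_user(PDO $db, array $post): array
{
    $errors   = [];
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $password = $post['password'] ?? '';

    if ($username === '') { $errors[] = 'Please enter a username.'; }
    if ($password === '') { $errors[] = 'Please enter a password.'; }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'Invalid E-Mail Address'; }

    // Uniqueness lookups only make sense once the input itself is valid.
    if (!$errors) {
        foreach (['username' => $username, 'email' => $email] as $column => $value) {
            // $column comes from the fixed list above, never from user input.
            $stmt = $db->prepare("SELECT 1 FROM users WHERE $column = :value");
            $stmt->execute([':value' => $value]);
            if ($stmt->fetch()) { $errors[] = "This $column is already registered."; }
        }
    }

    // The gate the question's second attempt was missing: no INSERT on errors.
    if (!$errors) {
        // password_hash() generates and embeds its own random salt.
        $stmt = $db->prepare(
            'INSERT INTO users (username, password, email) VALUES (:u, :p, :e)');
        $stmt->execute([':u' => $username,
                        ':p' => password_hash($password, PASSWORD_DEFAULT),
                        ':e' => $email]);
    }
    return $errors;
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection file.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT)');

$errors = register_user($db, ['username' => 'alice', 'email' => 'alice@example.com', 'password' => '']);

// In the page template: escape each message before echoing it into the HTML.
foreach ($errors as $error) {
    echo '<p class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```

Logging a PDOException on the server and adding a generic message to $errors keeps the database error text out of the page, unlike die("Failed to run query: " . $ex->getMessage()).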