PHP registration form: printing errors

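Finished making a PHP/MySQL login system. I also made a registration system that works, but I need to print the errors in the HTML when the e-mail/username is already registered, or the username or password is missing from the input, and so on.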

As it is now, it just calls die() and prints the error message on a blank page.

It looks like this:

if(empty($_POST['password'])) 
    { 
        die("Please enter a password");
    }

I tried this:

$errors = array();
if(empty($_POST['password'])) 
{ 
    $errors[] = 'Please enter a password';
}

and then printing it out in the HTML. But it ignores the password input and just registers the user account (with an encrypted password, in phpMyAdmin).

It looks like it has something to do with die(), but how should I go about it?

Here is the whole code:

<?php 
require("*mysql_connection file*"); 


if(!empty($_POST)) 
{ 

    if(empty($_POST['username'])) 
    { 
        die("Please enter a username."); 
    } 

     $errors = array();
    if(empty($_POST['password'])) 
    { 
        $errors[] = 'Please enter your password';
    } 

    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
    { 
        die("Invalid E-Mail Address"); 
    } 

    $query = " 
        SELECT 
            1 
        FROM users 
        WHERE 
            username = :username 
    "; 

    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
        die("This username is already in use"); 
    } 

    $query = " 
        SELECT 
            1 
        FROM users 
        WHERE 
            email = :email 
    "; 

    $query_params = array( 
        ':email' => $_POST['email'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
        die("Email already registered.");
    } 

    $query = " 
        INSERT INTO users ( 
            username, 
            password, 
            salt, 
            email 
        ) VALUES ( 
            :username, 
            :password, 
            :salt, 
            :email 
        ) 
    "; 

    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 


    $password = hash('sha256', $_POST['password'] . $salt); 

    for($round = 0; $round < 65536; $round++) 
    { 
        $password = hash('sha256', $password . $salt); 
    } 

    $query_params = array( 
        ':username' => $_POST['username'], 
        ':password' => $password, 
        ':salt' => $salt, 
        ':email' => $_POST['email'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 

        die("Failed to run query: " . $ex->getMessage()); 
    } 

    header("Location: *login page*"); 
    die("Redirecting to *login page*"); 
}

?>

2 Answers

  • 0
    <?php 
    require("*mysql_connection file*"); 
    
    
    if(!empty($_POST)) 
    { 
    
        if(empty($_POST['username'])) 
        { 
            die("Please enter a username."); 
        } 
    
         $errors = array();
        if(empty($_POST['password'])) 
        { 
            $errors[] = 'Please enter your password';
        } 
    
        if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
        { 
            die("Invalid E-Mail Address"); 
        } 
    
        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                username = :username 
        "; 
    
        $query_params = array( 
            ':username' => $_POST['username'] 
        ); 
    
        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 
    
        $row = $stmt->fetch(); 
    
        if($row) 
        { 
            die("This username is already in use"); 
        } 
    
        $query = " 
            SELECT 
                1 
            FROM users 
            WHERE 
                email = :email 
        "; 
    
        $query_params = array( 
            ':email' => $_POST['email'] 
        ); 
    
        try 
        { 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            die("Failed to run query: " . $ex->getMessage()); 
        } 
    
        $row = $stmt->fetch(); 
    
        if($row) 
        { 
            die("Email already registered.");
        } 
    
        $query = " 
            INSERT INTO users ( 
                username, 
                password, 
                salt, 
                email 
            ) VALUES ( 
                :username, 
                :password, 
                :salt, 
                :email 
            ) 
        "; 
    
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 
    
    
        $password = hash('sha256', $_POST['password'] . $salt); 
    
        for($round = 0; $round < 65536; $round++) 
        { 
            $password = hash('sha256', $password . $salt); 
        } 
    
        $query_params = array( 
            ':username' => $_POST['username'], 
            ':password' => $password, 
            ':salt' => $salt, 
            ':email' => $_POST['email'] 
        ); 
    
    
        if (empty($errors)) { /********* EDITS ***********/
    
            try 
            { 
                $stmt = $db->prepare($query); 
                $result = $stmt->execute($query_params); 
            } 
            catch(PDOException $ex) 
            { 
    
                die("Failed to run query: " . $ex->getMessage()); 
            } 
    
        }/********* EDITS ***********/
    
        header("Location: *login page*"); 
        die("Redirecting to *login page*"); 
    } 
    ?>
    

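    It would take a rewrite of your whole code. The main comment is to use openssl_random_pseudo_bytes instead of your own thing to make up the salt, or you could take an IV from the mcrypt family of functions.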

  • 0

    Try this :-

    if(""== trim($_POST['password']))
        { 
                die("Please enter a password");
        } 
    else //password is entered
    {
    //your code
    }
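
An added example (not code from the question or either answer) of the pattern the question is after: collect every validation error, skip the INSERT while any exist, and return HTML-escaped messages for the form. It assumes PHP 7.4+ with pdo_sqlite for a constructed demo table, swaps `password_hash()` in for the page's manual salt and SHA-256 loop, and uses the hypothetical names `register()` and `render_errors()`.

```php
<?php
// Added example. register() and render_errors() are hypothetical names; the
// in-memory SQLite table is a constructed stand-in for the page's `users` table.

function register(PDO $db, array $post): array
{
    // Treat missing or non-string fields (e.g. password[]=x) as empty.
    $field    = fn(string $k): string => is_string($post[$k] ?? null) ? $post[$k] : '';
    $username = trim($field('username'));
    $email    = trim($field('email'));
    $password = $field('password');

    $errors = [];
    if ($username === '') { $errors[] = 'Please enter a username.'; }
    if ($password === '') { $errors[] = 'Please enter a password.'; }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $errors[] = 'Invalid e-mail address.'; }

    if (!$errors) {   // query only once the input itself is complete
        $stmt = $db->prepare('SELECT 1 FROM users WHERE username = :u OR email = :e');
        $stmt->execute([':u' => $username, ':e' => $email]);
        if ($stmt->fetch()) { $errors[] = 'Username or e-mail already registered.'; }
    }
    if ($errors) { return $errors; }   // nothing is written while any error exists

    // password_hash() draws its salt from the system CSPRNG and embeds it in the hash.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES (:u, :p, :e)');
    $stmt->execute([':u' => $username, ':p' => $hash, ':e' => $email]);
    return [];
}

function render_errors(array $errors): string
{
    $html = '';
    foreach ($errors as $e) {   // escape on output, even for fixed strings
        $html .= '<p class="error">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

// Constructed demo input for the CLI; in a page, pass $_POST and echo the result above the form.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT UNIQUE)');

echo render_errors(register($db, ['username' => 'alice', 'password' => '', 'email' => 'bad']));
var_dump(register($db, ['username' => 'alice', 'password' => 'correct horse', 'email' => 'alice@example.com']));
echo render_errors(register($db, ['username' => 'alice', 'password' => 'x', 'email' => 'alice@example.com']));
```

The UNIQUE constraints on the demo table are what actually prevent duplicates if two requests pass the SELECT at the same moment; with exception mode on, the losing INSERT throws instead of silently succeeding.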
    
