【发布时间】:2018-05-17 20:32:03
【问题描述】:
我正在尝试设置一个注册页面,该页面还对哈希数据进行哈希处理并向哈希数据添加盐,但服务器上没有任何处理并且我没有收到控制台错误,有人可以告诉我哪里出错了吗?
html代码
<!DOCTYPE html>
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.2.js"></script>
<script src="http://code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<script
src="http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js">
</script>
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script type="text/javascript" src="createScript.js"></script>
</head>
<body>
<div style="margin-left: 100px;">
<form method="POST" action="index.html">
<label>Enter your first name</label><br><br>
<input type="text" id="firstName" name="firstName"><br><br>
<label>Enter your last name</label><br><br>
<input type="text" id="lastName" name="lastName"><br><br>
<label>Enter a username (this will only be used to login)</label><br><br>
<input type="text" id="userName" name="userName"><br><br>
<label>Re-enter that username</label><br><br>
<input type="text" id="reuserName" name="reuserName"><br><br>
<label>Enter your email address</label><br><br>
<input type="email" id="emailAddress" name="emailAddress"><br><br>
<label>Re-enter your email address</label><br><br>
<input type="email" id="reemailAddress" name="reemailAddress"><br><br>
<label>Enter a password</label><br><br>
<input type="password" id="password" name="password"><br><br>
<label>Enter the password again</label><br><br>
<input type="password" id="rePassword" name="rePassword"><br><br>
<input type="submit" id="register" name="register">
</form>
</div>
</body>
</html>
connect.php 代码
<?php
if (!defined('HOST')) define("HOST", "localhost");
if (!defined('USER')) define("USER", "root");
if (!defined('PASSWORD')) define("PASSWORD", "");
if (!defined('DB')) define("DB", "socialmedia");
$connect = new mysqli(HOST, USER, PASSWORD, DB);
if ($connect->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
?> <!-- PHP -->
create.php 代码
<?php
require 'connect.php';
if ($_SERVER ['REQUEST_METHOD'] == 'POST') {
//Check for input
if((isset($_POST['firstName'])) && (!empty($_POST['firstName'])) &&
(isset($_POST['lastName'])) && (!empty($_POST['lastName'])) &&
(isset($_POST['userName'])) && (!empty($_POST['userName'])) &&
(isset($_POST['reuserName'])) && (!empty($_POST['reuserName'])) &&
(isset($_POST['emailAddress'])) && (!empty($_POST['emailAddress'])) &&
(isset($_POST['reemailAddress'])) && (!empty($_POST['reemailAddress'])) &&
(isset($_POST['password'])) && (!empty($_POST['password'])) &&
(isset($_POST['rePassword'])) && (!empty($_POST['rePassword']))) {
//Check first name
if(isset($_POST['firstName'])==0 || $_POST['firstName']==" ") {
//Error
ob_start();
echo "Please enter a valid first name";
exit;
ob_end_flush();
//Free Resources
unset($_POST['firstName']);
}//End of first name failure
else {
//Continue
$firstName = mysqli_real_escape_string($connect, $_POST['firstName']);
}//End of first name success
//Check last name
if(isset($_POST['lastName'])==0 || $_POST['lastName']==" ") {
//Error
ob_start();
echo "Please enter a valid last name";
exit;
ob_end_flush();
//Free Resources
unset($_POST['lastName']);
}//End of last name failure
else {
//Continue
$lastName = mysqli_real_escape_string($connect, $_POST['lastName']);
$fullName = mysqli_real_escape_string($connect, $firstName . " " . $lastName);
}//End of last name success
//Check username
if(isset($_POST['userName'])==0 || $_POST['userName']==" ") {
//Error
ob_start();
echo "Please enter a valid username";
exit;
ob_end_flush();
//Free Resources
unset($_POST['userName']);
}//End of username failure
else {
//Continue
$userName = mysqli_real_escape_string($connect, $_POST['userName']);
}//End of usernamesuccess
//Check reusername
if(isset($_POST['reuserName'])==0 || $_POST['reuserName']==" ") {
//Error
ob_start();
echo "Please enter a valid username";
exit;
ob_end_flush();
//Free Resources
unset($_POST['reuserName']);
}//End of reusername failure
elseif ($_POST['userName'] === $_POST['reuserName']) {
//Error
ob_start();
echo "Please enter matching usernames";
exit;
ob_end_flush();
//Free Resources
unset($_POST['reuserName']);
}
else
{
//Continue
$reuserName = mysqli_real_escape_string($connect, $_POST['reuserName']);
$hashedUserName = mysqli_real_escape_string($connect, hash('sha512', $userName));
}//End of reusername success
//Check email
if(!filter_var($_POST['emailAddress'], FILTER_VALIDATE_EMAIL)) {
//Error
ob_start();
echo "Please enter a valid email address";
exit;
ob_end_flush();
//Free Resources
unset($_POST['emailAddress']);
}//End of email failure
else {
//Continue
$emailAddress = mysqli_real_escape_string($connect, $_POST['emailAddress']);
}//End of email success
//Check reemail
if(!filter_var($_POST['reemailAddress'], FILTER_VALIDATE_EMAIL)) {
//Error
ob_start();
echo "Please enter a valid email address";
exit;
ob_end_flush();
//Free Resources
unset($_POST['reemailAddress']);
}//End of reemail failure
elseif ($_POST['emailAddress'] === $_POST['reemailAddress']) {
//Error
ob_start();
echo "Please enter matching email addresses";
exit;
ob_end_flush();
//Free Resources
unset($_POST['reemailAddress']);
}
else {
//Continue
$reemailAddress = mysqli_real_escape_string($connect, $_POST['reemailAddress']);
}//End of reemail success
//Check password
if(isset($_POST['password'])==0 || $_POST['password']==" ")
{
//Error
ob_start();
echo "Please enter a valid password";
exit;
ob_end_flush();
//Free Resources
unset($_POST['password']);
}//End of password failure
else
{
//Continue
$password = mysqli_real_escape_string($connect, $_POST['password']);
}//End of password success
//Check repassword
if(isset($_POST['rePassword'])==0 || $_POST['rePassword']==" ")
{
//Error
ob_start();
echo "Please enter a valid password";
exit;
ob_end_flush();
//Free Resources
unset($_POST['rePassword']);
}//End of repassword failure
elseif ($_POST['password'] === $_POST['rePassword']) {
//Error
ob_start();
echo "Please enter matching passwords";
exit;
ob_end_flush();
//Free Resources
unset($_POST['rePassword']);
}
else
{
//Continue
$rePassword = mysqli_real_escape_string($connect, $_POST['rePassword']);
$hashPassword = mysqli_real_escape_string($connect, hash('sha512', $password));
$saltedHashPassword = mysqli_real_escape_string($connect, hash('sha512', $userName . "" . $password));
}//End of repassword success
//Insert data into users database
$sql = "INSERT INTO users(idusers, name, username, hashedusername, email, password, unsaltedhashpassword, saltedhashpassword)
VALUES ('$fullName', '$userName', '$hashedUserName', '$email', '$password', '$hashedPassword', '$saltedHashPassword');";
if($connect->query($sql) === TRUE)
{
ob_start();
echo "<script type='text/javascript'>alert('New contact created.');</script>";
ob_end_flush();
}//End of INSERT success
else
{
ob_start();
echo "<script type='text/javascript'>alert('Error: ' . $sql . $connect->error;');</script>";
ob_end_flush();
}//End of INSERT Failed
}//Check Data
}//Get Post
?>
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.2.js"></script>
<script src="http://code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script type="text/javascript" src="createScript.js"></script>
</head>
</html>
javascript 代码
$(document).ready(function(){
$("#register").click(function(){
firstName=$("#firstName").val();
lastName=$("#lastName").val();
userName=$("#userName").val();
reuserName=$("#reuserName").val();
emailAddress=$("#emailAddress").val();
reemailAddress=$("#reemailAddress").val();
pass=$("#password").val();
rePassword=$("#rePassword").val();
$.ajax({
type: "POST",
url: "create.php",
data:
"firstName="+firstName+
"&lastName="+lastName+
"&userName="+userName+
"&reuserName="+reuserName+
"&emailAddress="+emailAddress+
"&reemailAddress="+reemailAddress+
"&password="+pass+
"&rePassword="+rePassword,
success: function(html){
if(html=='true') {
console.log("Submitted!");
}
else if(html=='false'){
console.log("Error!");
}
else{
console.log("Error!"+html);
}
},
beforeSend:function()
{
},
error: function(e)
{
console.log("Error!");
console.log(e);
}
});
return true;
});
});
users.sql
CREATE TABLE IF NOT EXISTS `users` (
`idusers` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(45) NOT NULL,
`username` varchar(45) NOT NULL,
`hashedusername` varchar(128) NOT NULL,
`email` varchar(45) NOT NULL,
`password` varchar(45) NOT NULL,
`unsaltedhashpassword` varchar(128) NOT NULL,
`saltedhashpassword` varchar(128) NOT NULL,
PRIMARY KEY (`idusers`),
UNIQUE KEY `idusers_UNIQUE` (`idusers`),
UNIQUE KEY `username_UNIQUE` (`username`),
UNIQUE KEY `hashedusername_UNIQUE` (`hashedusername`),
UNIQUE KEY `email_UNIQUE` (`email`),
UNIQUE KEY `saltedhashpassword_UNIQUE` (`saltedhashpassword`)
)
提前感谢您的帮助!
【问题讨论】:
-
警告:使用
mysqli时,您应该使用parameterized queries 和bind_param将用户数据添加到查询中。 请勿使用手动转义和字符串插值或连接来完成此操作,因为您将创建严重的SQL injection bugs。意外未转义的数据是一个严重的风险。使用绑定参数不那么冗长,并且更容易检查以检查您是否正确执行。 -
注意:
mysqli的面向对象接口明显不那么冗长,使代码更易于阅读和审核,并且不容易与过时的mysql_query接口混淆。在您对程序风格投入过多之前,值得转换一下。示例:$db = new mysqli(…)和$db->prepare("…")过程接口是 PHP 4 时代引入的mysqliAPI 的产物,不应在新代码中使用。 -
注意:电子邮件地址、姓名和其他值通常明显比您预期的要长。使用
VARCHAR(255)作为默认的“字符串”类型字段,并且仅在您有具体且令人信服的理由时才限制它。 -
警告:编写自己的访问控制层并不容易,而且有很多机会会严重错误。当任何现代development framework(如Laravel)带有强大的authentication system 内置时,请不要编写自己的身份验证系统。至少遵循recommended security best practices 并且永远不要将密码存储为纯文本 或像 SHA 或 MD5 这样的弱散列。
-
我也很困惑为什么要对用户名进行哈希处理。这是一种非常奇怪的做法,在这里似乎没有什么特别的用途。
标签: php jquery html mysql ajax