【发布时间】:2019-10-08 06:06:49
【问题描述】:
我有一个用户注册表格,我在其中收到名字、姓氏、电子邮件、密码和重复密码。我还有一些验证会在 URL 中返回错误,识别输入是有效的还是空的。但是,即使我填写了所有字段,当我尝试提交表单时,我也会收到空字段的 if 条件,即使所有内容都已正确填写。
HTML
<form method="post" action="includes/signup.inc.php" id="create_customer" accept-charset="UTF-8"><input type="hidden" name="form_type" value="create_customer" /><input type="hidden" name="utf8" value="✓" />
<div id="first_name" class="clearfix large_form"> <label for="fname" class="login">Nome</label>
<input type="text" value="" name="fname" id="fname" class="large" size="30" />
</div>
<div id="last_name" class="clearfix large_form"> <label for="lname" class="login">Sobrenome</label>
<input type="text" value="" name="lname" id="lname" class="large" size="30" /></div>
<div id="email" class="clearfix large_form"> <label for="email" class="login">E-mail</label> <input type="email" value="" name="email" id="email" class="large" size="30" /></div>
<div id="password" class="clearfix large_form"> <label for="password" class="login">Senha</label> <input type="password" value="" name="pwd" id="password" class="large password" size="30" />
<div id="password" class="clearfix large_form"> <label for="password" class="login">Repetir Senha</label> <input type="password" value="" name="pwd-repeat" id="password" class="large password" size="30" />
</div>
<div class="acceptsMarketing"> <input type="checkbox" id="customer[accepts_marketing]" name="customer[accepts_marketing]"> <label for="customer[accepts_marketing]">Assine a nossa
newsletter?</label></div>
<div class="action_bottom"> <input class="btn action_button" name="signup-submit" type="submit" value="Inscrever-se" />
<p class="right" style="padding-top: 8px;">
<input class="btn action_button" type="submit" value="Recuperar Senha" />
<p class="right" style="padding-top: 8px;">
Já é cliente? <a href="login.php" id="customer_login_link">Entrar →</a></p>
</div>
</form>
PHP
<?php
if(isset($_POST['signup-submit'])){
require 'dbh.inc.php';
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$pwd = $_POST['pwd'];
$pwdrepeat = $_POST['pwd-repeat'];
if(empty($fname) || empty($lname) || empty($email) || empty($password) || empty($passwordrepeat)) {
header("Location: ../register.php?error=emptyfields&fname=".$fname."&lname".$lname."&email".$email."&pwd".$pwd."&pwdrepeat".$pwdrepeat);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $fname))
{
header("Location: ../register.php?error=invalidmail&email=".$email);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $lname))
{
header("Location: ../register.php?error=invalidmail&email=".$email);
exit();
}
else if($pwd !== $pwdrepeat){
header("Location: ../register.php?error=passwordcheck&fname=".$fname."&lname".$lname);
exit();
}
else{
$sql = "SELECT email FROM users WHERE email=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../register.php?error=signuperror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if($resultCheck > 0){
header("Location: ../register.php?error=signuperrorUserTaken&email=".$email);
exit();
}
else{
$sql = "INSERT INTO users (fname, lname, email, pwd) VALUES (?, ?, ?, ?)";
$stmt = mysqli_Stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../signup.phperror=sqlerror");
exit();
}
else{
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $fname, $lname, $email, $pwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
}
else{
header("Location: ../signup.php");
exit();
}
【问题讨论】:
-
永远不会永远不会以纯文本形式存储密码!您应该总是使用password_hash() 对密码进行哈希处理,并且只存储哈希值。然后你可以使用password_verify() 来根据哈希验证密码。
-
$pwd和$pwdrepeat与$password和$passwordrepeat不是同一个变量 -
您的 html 无效 - 您有未闭合的元素( div 和 p )接近尾声
-
在您的代码中有 2 个错误 1. 您是否错误地将名称“signup-submit”添加到 div 而不是提交按钮,2. 将变量分配给 $pwd 并检查条件 $password 是否相同$pwdrepeat 分配并检查 $passwordrepeat
-
。事实上,问题只是我刚刚很难找到的变量的命名错误,div 没问题。