堆栈内存溢出
  简体   繁体   English

PHP登录-if(empty)$ password在我的代码中不起作用,为什么?

[英]PHP Login - if(empty)$password doesn't work in my code, why?

 原文  2013-03-30 20:35:56       php/ encryption/ login/ md5

问题描述

So I was playing around with my simple login system, and one thing I can't seem to figure out is why the login allows me to create an account with only an username and send this data to my database event though I specified 所以我在玩我简单的登录系统,我似乎无法弄清楚的一件事是,为什么登录允许我仅使用用户名创建一个帐户,并将该数据发送到我的数据库事件,尽管我指定了 

 if($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));

and 

    if(empty($username)) {
      echo("Du ma fylle inn et brukernavn!");
} {
 if(empty($password)) {
      echo("Du ma fylle inn et passord!");
      } else {

When I remove (md5 in the escape string, it works, but then there is no encryption and the password is visible in the database. So it's kind of vice versa.. anyone see where my mistake or missunderstanding is? 当我删除(在转义字符串中的md5时,它可以工作,但是没有加密,并且密码在数据库中可见。因此,反之亦然。)有人看到我的错误或误解在哪里吗?

QUICK SUM: It's supposed to give "You need to fill in password" but it doesn't when I have the md5 decrypting in the string, however when I remove it, it allows me. 快速总结:应该给出“您需要输入密码”,但是当我在字符串中使用md5解密时却没有,但是当我删除它时,它允许我。

4 个解决方案

解决方案1
 2  2013-03-30 20:38:12

md5 will result in a string, even though the input is empty. md5将产生一个字符串,即使输入为空。 You need to check the original input, straight from $_POST . 您需要直接从$_POST检查原始输入。 If you want to validate input, always check before processing it, as subsequent processing (as you have seen in this case) can result in non-empty variables, even though the original input was empty. 如果要验证输入,请务必在处理之前进行检查,因为即使原始输入为空,后续处理(如本例所示)也可能导致非空变量。

解决方案2
 2  2013-03-30 20:38:35

md5 will encode ANYTHING, even an empty string. md5会编码任何东西,甚至是一个空字符串。 Which will make the variable 'non-empty', no matter what. 无论如何,这都会使变量“非空”。

Meaning: Do your check on empty first, THEN encode your password. 含义:首先检查是否为空,然后对密码进行编码。

解决方案3
 1  2013-03-30 20:38:32

空字符串仍然具有MD5哈希,因此您可以正确检查密码是否相等。

解决方案4
 0 已采纳  2013-03-30 20:48:43

You could check if the field is empty before you assign md5- 您可以在分配md5-之前检查该字段是否为空 

if($_SERVER['REQUEST_METHOD'] == 'POST') 
{
    if (mysql_real_escape_string(empty($_POST['password']))) {
        // do nothing
    } 
    else 
    {
   `    $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string(md5($_POST['password']));

        if(empty($username)) {
             echo("Du ma fylle inn et brukernavn!");
        } {
        if(empty($password)) {
             echo("Du ma fylle inn et passord!");
        } else {
        }
   }

} }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP登录检查用户名和密码不起作用 - PHP login check username and password code doesn't work 为什么我的密码验证无效? - Why doesn't my password validation work? 为什么jQuery代码在我的php文件中不起作用? - Why doesn't jQuery code work in my php file? 为什么我的php无法连接到sql数据库代码? - Why doesn't my php connect to sql database code work? 我在php中的登录无法正常工作 - my login in php doesn't work properly 为什么我的PHP代码不再无缘无故了? - Why does my PHP code doesn't work anymore for no reason? 尽管用户名和密码正确,PHP和Javascript登录仍无法正常工作 - PHP and Javascript Login doesn't work despite correct username and password 我的登录 PHP 表单不起作用。 我相信我的 $hash = $row['password']; 是问题,但我不太确定 - My LogIn PHP form doesn't work. I believe that my $hash = $row['password']; is the problem, but am not really sure JavaScript在我的PHP代码中不起作用 - JavaScript doesn't work in my PHP code 为什么这个PHP代码不起作用? - Why doesn't this PHP code work?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM