确认密码无效
[英]Confirm password not working
问题描述
I have this html form:
我有这个 html 表单:
<form class="signup-form" action="action/register.php" method="post"> <input type="text" class="input" name="user" id="user_name" autocomplete="off" placeholder="Username" required="true"> <input type="text" class="input" name="nome" id="name" autocomplete="off" placeholder="Nome" required="true"> <input type="password" class="input" name="pass" id="user_pass" autocomplete="off" placeholder="Password" required="true"> <input type="password" class="input" name="cpass" id="user_cpass" autocomplete="off" placeholder="Confirme a Password" required="true"> <input type="submit" class="button" name="submit" value="Sign Up"> </form
and the action/register.php is like this:和 action/register.php 是这样的:
global $db;
$username=trim($_POST['user']);
$nome=trim($_POST['nome']);
$password=trim($_POST['pass']);
$cpassword=trim($_POST['cpass']);
if(strcmp($password,$cpassword)!==0) {
echo "<script> window.location.assign('../errors/password_error.php'); </script>";
//header('Location: ../errors/password_error.php');
}
$stmt = $db->prepare('SELECT username FROM utilizador');
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row) {
if($row['username'] === $username){
header('Location: ../errors/username_error.php');
}
}
when I insert a username that already exists, it redirects me successfully to errors/username_error.php, but when I insert a cpass different from pass, it accepts it, when it should not (I've tried both with the echo and with the header).当我插入一个已经存在的用户名时,它成功地将我重定向到 errors/username_error.php,但是当我插入一个不同于 pass 的 cpass 时,它接受它,当它不应该时(我已经尝试了 echo 和头)。
Any suggestions?有什么建议?
PS: I've already tried if($password !== $cpassword) PS:我已经试过 if($password !== $cpassword)
PPS: I think I solved it, but I don't understand why, do you? PPS:我想我解决了,但我不明白为什么,是吗? this is the whole register.php that I had:这是我拥有的整个 register.php:
<?php
include_once('../database/connection.php'); // connects to the database
session_start(); // starts the session
function NewUser()
{
global $db;
$username=trim($_POST['user']);
$nome=trim($_POST['nome']);
$password=trim($_POST['pass']);
$cpassword=trim($_POST['cpass']);
if($password !== $cpassword) {
//echo "<script> window.location.assign('../errors/password_error.php'); </script>";
header('Location: ../errors/password_error.php');
}
else{
$stmt = $db->prepare('SELECT username FROM utilizador');
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row) {
if($row['username'] === $username){
header('Location: ../errors/username_error.php');
}
}
$img = rand(0,10);
$stmt = $db->prepare("INSERT INTO utilizador (username,nome,password,img) VALUES (:username,:nome,:password,:img)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':nome', $nome);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':img', $img);
if($stmt->execute()){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['img'] = $img;
header('Location: ../main.php');
}
}
}
if(isset($_POST['submit'])){
NewUser();
}
?>
then I changed it to this (got rid of the function) and it worked!然后我把它改成了这个(去掉了这个功能)并且它起作用了!
<?php
include_once('../database/connection.php'); // connects to the database
session_start(); // starts the session
if(isset($_POST['submit'])){
global $db;
$username=trim($_POST['user']);
$nome=trim($_POST['nome']);
$password=trim($_POST['pass']);
$cpassword=trim($_POST['cpass']);
if($password !== $cpassword) {
//echo "<script> window.location.assign('../errors/password_error.php'); </script>";
header('Location: ../errors/password_error.php');
}
else{
$stmt = $db->prepare('SELECT username FROM utilizador');
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row) {
if($row['username'] === $username){
header('Location: ../errors/username_error.php');
}
}
$img = rand(0,10);
$stmt = $db->prepare("INSERT INTO utilizador (username,nome,password,img) VALUES (:username,:nome,:password,:img)");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':nome', $nome);
$stmt->bindParam(':password', $password);
$stmt->bindParam(':img', $img);
if($stmt->execute()){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$_SESSION['img'] = $img;
header('Location: ../main.php');
}
}
}
?>
2 个解决方案
解决方案1
1 2015-11-28 18:01:32
try:尝试:
if(strcmp($password,$cpassword)!=0)
instead of:代替:
if(strcmp($password,$cpassword)!==0)
i cant guarantee the working since im kinda new to php我不能保证工作,因为我对 php 有点陌生
解决方案2
0 2015-11-28 18:08:51
Clue 1 : Is the password from the database is encrypted ?线索1:数据库中的密码是否加密? If yes, you should cypher the input password before making any comparison with it.如果是,您应该在与输入密码进行任何比较之前对输入密码进行加密。
Clue 2 :线索2:
You could use the same technique to find your username and password.您可以使用相同的技术来查找您的用户名和密码。 You could do something like this.你可以做这样的事情。
$stmt = $db->prepare('SELECT username, password FROM utilizador');
$stmt->execute();
$result = $stmt->fetchAll();
foreach ($result as $row) {
if($row['username'] === $username){
header('Location: ../errors/username_error.php');
}
if($row['password'] === $password){
header('Location: ../errors/password_error.php');
}
}
Clue 3 : Have you tried to clear the browser cache inside register.php ?线索 3:您是否尝试清除 register.php 中的浏览器缓存?
<?php
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.