function 用于检查密码的 strlen 在 php 中不起作用
[英]function for checking strlen of a password doesn't work in php
问题描述
I was making a sign-up page and everything worked and got send to the db but you could enter a weak pwd.
我正在制作一个注册页面,一切正常并发送到数据库,但你可以输入一个弱密码。 I wanted to make sure that the pwd length had a minimum length of 8. I added these lines of code but when I tested it it skipped this code and you could enter any pwd you want.我想确保密码长度的最小长度为 8。我添加了这些代码行,但是当我测试它时,它跳过了这段代码,你可以输入任何你想要的密码。 does anyone know why this line is getting skipped and what a sollution for this problem is?有谁知道为什么这条线被跳过以及这个问题的解决方案是什么?
function pwdTooShort($pwd) {
$result;
if (strlen($pwd) > 7) {
$result = true;
}
else{
$result = false;
}
return $result;
}
if (isset($_POST["submit"])) {
$pwd = $_POST["pwd"];
require_once 'functions.inc.php';
if(pwdTooShort($pwd) !== false) {
header("location: ../sign-in.php?error=passwordtooshort");
exit();
}
}
if (isset($_GET["error"])){
if($_GET["error"] == "passwordtooshort"){
echo "<p> password is too short </p>";
}
}
<form action="include/signup.inc.php" method = "post">
<input type="password" name = "pwd" />
</form>
2 个解决方案
解决方案1
1 已采纳 2021-12-23 09:38:40
You have some logic issues.你有一些逻辑问题。
Your pwdTooShort() will now return true if the password has more than 7 characters (backwards).如果密码超过 7 个字符(向后),您的pwdTooShort()现在将返回true 。 You can change that function to:您可以将 function 更改为:
function pwdTooShort($pwd)
{
// Return true if it is 7 characters or shorter
return mb_strlen($pwd) <= 7;
}
I also changed strlen() to mb_strlen() to account for multibyte characters, as @vee suggested in comments.正如@vee 在评论中建议的那样,我还将strlen()更改为mb_strlen()以考虑多字节字符。
Improvement suggestion改进建议
The if -statement is technically correct, but is "over complicated". if语句在技术上是正确的,但“过于复杂”。
You can change你可以改变
if (pwdTooShort($pwd) !== false)
to either要么
if (pwdTooShort($pwd) === true)
or just要不就
if (pwdTooShort($pwd))
to make it easier to read为了更容易阅读
解决方案2
0 2021-12-23 09:41:27
From your function name to check password too short, I think it should return true if too short and false if it is not.从您的 function 名称检查密码太短,我认为如果太短它应该返回true ,否则返回false 。
Here is the code.这是代码。 It is just flip true and false .它只是翻转true和false 。
/**
* Check if password is too short (less than 8 characters).
*
* @param string $pwd The raw password without hash.
* @return bool Return `true` if it is too short, return `false` if it is not.
*/
function pwdTooShort($pwd) {
$result;
if (mb_strlen($pwd) > 7) {
$result = false;
}
else{
$result = true;
}
return $result;
}
The code above, I changed from strlen() to mb_strlen() to let it supported multi byte characters (unicode text) and exactly count the characters.上面的代码,我从strlen()更改为mb_strlen()以使其支持多字节字符(unicode 文本)并精确计算字符。
I recommend you not limit the characters to non unicode.我建议您不要将字符限制为非 unicode。 This is recommeded by OWASP .这是OWASP推荐的。
Allow usage of all characters including unicode and whitespace.
The whitespace they said means between character.他们说的空格是字符之间的意思。 You can still trim($password) .您仍然可以trim($password) 。
The rest of the code will be work fine with this.代码的 rest 可以正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.