
Server-side verification doesn't work

I have a form with client-side verification by jQuery, which works well. But now, for security reasons, I also want to add server-side verification (PHP) for users without JavaScript. I created a few functions and an array "errors", where errors are logged. After submit I want to run the verification. If no errors are logged, continue; if there are errors, exit the script. But that part doesn't work, it always continues. My script:

if (isset($_POST['submit'])) {
    require_once 'verify_form.php';
    $errors = array(
        'username'  => null,
        'password1' => null,
        'password2' => null,
        'email1'    => null,
        'email2'    => null,
        'age'       => null
    );
    validate_all($errors);
    if (empty($errors['username']) && empty($errors['password1']) && empty($errors['password2']) && empty($errors['email1']) && empty($errors['email2']) && empty($errors['age'])) {
        // do something
    } else {
        $_SESSION['errorsArray'] = $errors;
        header('Location: /registracia');
        exit;
    }
}

verify_form.php

<?php

function validate_all($errors)
{
    validUsername($errors);
    validPassword1($errors);
    validPassword2($errors);
    validEmail1($errors);
    validEmail2($errors);
    validAge($errors);
}

function validUsername($errors)
{
    include 'config.php';
    $username = $_POST['usernameReg'];
    if (strlen($username) < 3 || strlen($username) > 16) {
        $errors['username'] = "Zadajte uživateľské meno v rozmedzí 3 - 16 znakov.";
    }
    $query = "SELECT * FROM `users` WHERE `username` = '$username'";
    $result = mysqli_query($link, $query) or die(mysqli_error($link));
    if (mysqli_num_rows($result) > 1) {
        $errors['username'] = "Toto uživateľské meno už niekto používa.";
    }
}

function validPassword1($errors)
{
    $password1 = $_POST['password1Reg'];
    $regex = '/^([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])+([a-zA-Z]|[0-9]|[-]|[_]|[/]|[.])$/';
    if (!preg_match($regex, $password1)) {
        $errors['password1'] = 'Vaše heslo obsahuje nepovolené znaky.';
    }
    if (strlen($password1) < 6) {
        $errors['password1'] = 'Heslo musí obsahovať minimálne 6 znakov.';
    }
}

function validPassword2($errors)
{
    $password2 = $_POST['password2'];
    if ($password1 != $password2) {
        $errors['password2'] = 'Zadané heslá sa nezhodujú.';
    }
}

function validEmail1($errors)
{
    include 'config.php';
    $email1 = $_POST['email1'];
    $regex = "/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/";
    if (!preg_match($regex, $email1)) {
        $errors['email1'] = 'Neplatná e-mailová adresa.';
    }
    $query = "SELECT * FROM `users` WHERE `email` = '$email1'";
    $result = mysqli_query($link, $query) or die(mysqli_error($link));
    if (mysqli_num_rows($result) > 1) {
        $errors['email1'] = "Tento e-mail už niekto používa.";
    }
}

function validEmail2($errors)
{
    $email2 = $_POST['email2'];
    if ($email1 != $email2) {
        $errors['email2'] = 'Zadané e-maily sa nezhodujú.';
    }
}

function validAge($errors)
{
    $age = $_POST['age'];
    $regex = "/^([0-9]|[0-9][0-9])$/";
    if (!preg_match($regex, $age)) {
        $errors['age'] = 'Vek musí byť číslo v rozsahu od 0-99.';
    }
}

?>

Why does the script always continue?

You're passing the $errors array into the validUsername() function. The function doesn't actually receive the original array; instead it gets a copy of it. You're modifying the copy, but the original is never modified. Here's a smaller example to show you how this works:

function addCheese(Array $arr)
{
    $arr[] = 'cheese';
}

$a = array();
addCheese($a);
var_dump($a);
// Outputs:
// array(0) {
// }

One way to fix this would be to modify each validation function to return the modified array:

function validSomething($errors)
{
    // ... do validation checks
    return $errors;
}

... and then assign the updated version to the external value:

function validate_all($errors)
{
    $errors = validUsername($errors);
    $errors = validPassword1($errors);
    $errors = validPassword2($errors);
    $errors = validEmail1($errors);
    $errors = validEmail2($errors);
    $errors = validAge($errors);
    return $errors;
}

Alternatively you could return the local array of errors and assemble them together, or just pass by reference (although this might cause other problems later on).

I'd strongly recommend using some sort of framework to do your validation: this will save you a lot of time in the long run.

The function validEmail2($errors) makes no sense... $email1 is undefined and will always be != $_POST['email2'].

You need to give the valid functions pointers to $errors. For example:

function validUsername(&$errors)
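The two answers above fix the same defect in two ways: return the modified array, or take `$errors` by reference. The block below is an added example, not code from the question or from either answer, showing the reference-based version of verify_form.php in full, together with the caller from the question. Two further changes that the question did not intend are made along the way: the SQL queries that interpolate `$username` and `$email1` into the query text are replaced with prepared statements, and the duplicate check uses `> 0`, since with `> 1` a single existing row is never detected. The comparisons that referenced `$password1` and `$email1` from another function's scope (the bug noted in the comment above) now read both values themselves. `$link` is assumed to be the mysqli connection that config.php creates; the error messages are the example's own English wording.

```php
<?php
declare(strict_types=1);

// Added example: every validator takes $errors by reference (&) and writes into the
// caller's array, so the caller's emptiness checks see the recorded errors.

function validate_all(array &$errors, array $post, mysqli $link): bool
{
    validUsername($errors, $post, $link);
    validPasswords($errors, $post);
    validEmails($errors, $post, $link);
    validAge($errors, $post);

    // array_filter() with no callback drops null entries; none left means no field failed.
    return count(array_filter($errors)) === 0;
}

function validUsername(array &$errors, array $post, mysqli $link): void
{
    $username = $post['usernameReg'] ?? '';
    if (mb_strlen($username) < 3 || mb_strlen($username) > 16) {
        $errors['username'] = 'Username must be 3 - 16 characters long.';
        return; // an invalid name never reaches the database
    }
    if (rowExists($link, 'SELECT 1 FROM `users` WHERE `username` = ?', $username)) {
        $errors['username'] = 'This username is already taken.';
    }
}

function validPasswords(array &$errors, array $post): void
{
    // Both values are read here, so the comparison does not depend on a variable
    // that was local to another function.
    $password1 = $post['password1Reg'] ?? '';
    $password2 = $post['password2'] ?? '';
    if (!preg_match('~^[A-Za-z0-9_./-]+$~', $password1)) {
        $errors['password1'] = 'Your password contains characters that are not allowed.';
    }
    if (strlen($password1) < 6) {
        $errors['password1'] = 'The password must be at least 6 characters long.';
    }
    if (!hash_equals($password1, $password2)) {
        $errors['password2'] = 'The passwords do not match.';
    }
}

function validEmails(array &$errors, array $post, mysqli $link): void
{
    $email1 = $post['email1'] ?? '';
    $email2 = $post['email2'] ?? '';
    // filter_var() replaces the hand-written address regex from the question.
    if (filter_var($email1, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email1'] = 'Invalid e-mail address.';
    } elseif (rowExists($link, 'SELECT 1 FROM `users` WHERE `email` = ?', $email1)) {
        $errors['email1'] = 'This e-mail address is already in use.';
    }
    if ($email1 !== $email2) {
        $errors['email2'] = 'The e-mail addresses do not match.';
    }
}

function validAge(array &$errors, array $post): void
{
    $age = $post['age'] ?? '';
    // ctype_digit() rejects signs, spaces and decimals; the range check does the rest.
    if (!ctype_digit($age) || (int) $age > 99) {
        $errors['age'] = 'Age must be a number between 0 and 99.';
    }
}

// Runs a parameterised query and reports whether it returned at least one row.
// The user-supplied value travels as a bound parameter, never as part of the SQL text.
function rowExists(mysqli $link, string $sql, string $value): bool
{
    $stmt = $link->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $link->error);
    }
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Caller side, replacing the first block in the question. $link comes from config.php (assumed).
if (isset($_POST['submit'])) {
    require_once 'config.php';
    $errors = array_fill_keys(['username', 'password1', 'password2', 'email1', 'email2', 'age'], null);
    if (validate_all($errors, $_POST, $link)) {
        // all checks passed: create the account here
    } else {
        $_SESSION['errorsArray'] = $errors;
        header('Location: /registracia');
        exit;
    }
}
```

Because `validate_all()` both fills `$errors` and returns whether any field failed, the caller no longer needs the six-way `empty()` chain from the question; adding a new field means adding one validator and one key to `array_fill_keys()`.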
