[英]PHP mysql register password
這可能不安全,但請忽略它。 Ive通過登錄,注冊和注銷創建了一個簡單的主頁。 但是我在將密碼存儲在數據庫中時遇到問題。 它看起來有些散列/鹽漬。 當我自己不散列時,我不太了解。 實際上,我根本沒有加鹽經驗,所以請不要提供專業的解決方案。
注冊后在數據庫中的外觀如下:數據庫具有以下屬性:id,用戶名,密碼,電子郵件:
9,測試,* 94BDCEBE19083CE,test @ mail.com
但應如下所示:
9,測試,測試,test @ mail.com
我的registration.php看起來像這樣:
<html>
<head>
<link rel="stylesheet" type="text/css" href="styles.css">
</head>
<body>
<?php
// loggin in and selects the database
include ("dbConfig.php");
//Input vaildation and the dbase code
if ( $_GET["op"] == "reg" )
{
$bInputFlag = false;
foreach ( $_POST as $field )
{
if ($field == "")
{
$bInputFlag = false;
}
else
{
$bInputFlag = true;
}
}
// If we had problems with the input, exit with error
if ($bInputFlag == false)
{
die( "Problem with your registration info. "
."Please go back and try again.");
}
// Fields are clear, add user to database
// Setup query
$q = "INSERT INTO dbUsers (username, password , email ) "
."VALUES ('".$_POST["username"]."', "
."PASSWORD('".$_POST["password"]."'), "
."'".$_POST["email"]."')";
// Run query
$r = mysql_query($q);
// Make sure query inserted user successfully
if ( !mysql_insert_id() )
{
die("Error: User not added to database.");
}
else
{
// Redirect to thank you page.
Header("Location: register.php?op=thanks");
}
} // end if
//The thank you page
elseif ( $_GET["op"] == "thanks" )
{
echo "<form action='members.php' method='POST'>";
echo "<div class='panel'> <span><font color='lime'>Thanks for registering!</font></span>";
echo "<label><input type='submit' class ='button' value='Back'></label></div></form>";
}
//The web form for input ability
else
{
echo "
<div class='box'>
<h1>Registration</h1>
<form action=\"?op=reg\" method=\"POST\">
<label>
<span>Username</span>
<input autocomplete='off' class='input_text' name='username'>
</label>
<label>
<span>Password</span>
<input autocomplete='off' class='input_text' type='password' name='password'>
</label>
<label>
<span>Email</span>
<input autocomplete='off' class='input_text' name='email'>
</label>
<label>
<input type='submit' class='button' value='Registrer'>
</label>
</form>
</div>";
}
?>
</body>
</html>
只需從SQL語句中刪除PASSWORD()
函數即可。
因此,您必須像這樣修改代碼:
$q = "INSERT INTO dbUsers (username, password , email ) "
."VALUES ('".$_POST["username"]."', "
."'".$_POST["password"]."', "
."'".$_POST["email"]."')";
請注意, 這是不安全的,因為可以進行SQL注入。 您可以將准備好的語句與mysqli_*
函數一起使用以防止這種情況。 如果您不能使用mysqli_*
,也可以使用mysql_real_escape_string()
。
您的代碼將如下所示:
$q = "INSERT INTO dbUsers (username, password , email ) "
."VALUES ('".mysql_real_escape_string($_POST["username"])."', "
."'".mysql_real_escape_string($_POST["password"])."', "
."'".mysql_real_escape_string($_POST["email"])."')";
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.