doudouchan5830 2013-09-12 10:01
浏览 37
已采纳

密码不同于用户名/姓名/电子邮件

How can I limit the user so that his password should not contain his name/user/e-mail?

This is the validation script that I use at the moment:

<?php
    $register = $_POST['register'];
    if (isset ($register))
    {
        $email = mysql_real_escape_string($_POST['email']);
        $username = mysql_real_escape_string($_POST['username']);
        $password = sha1(md5(mysql_real_escape_string($_POST['password'])));
        $repeat_password = sha1(md5(mysql_real_escape_string($_POST['repeat_password'])));
        $first_name = mysql_real_escape_string($_POST['first_name']);
        $last_name = mysql_real_escape_string($_POST['last_name']);
        $birthday = mysql_real_escape_string($_POST['birthday']);
        $sex = mysql_real_escape_string($_POST['sex']);
        $registered = date("Y-m-d H:i:s"); 

        // Form validation

        // Password validation
        $password  = $_POST["password"];
        $uppercase = preg_match('@[A-Z]@', $password);
        $lowercase = preg_match('@[a-z]@', $password);
        $number    = preg_match('@[0-9]@', $password);
        $length    = preg_match("@^.{8,}$@" , $password);

        if(!$uppercase || !$lowercase || !$number ||  !$length  ) {
           echo "Parola trebuie sa aiba min 8 caractere si sa contina cel putin o litera mare, o litera mica si o cifra.";
        }


        // Password = Password validation
        elseif ($_POST['password'] != $_POST['repeat_password'])
        {
            echo "Parolele nu corespund.";
        }

        // E-mail address format
        elseif (!filter_var($email,FILTER_VALIDATE_EMAIL))
        {
            echo "Formatul adresei de email este invalid.";
        }

        // No e-mail typed
        elseif (empty($_POST['email']))
        {
            echo "Nu ati completat adresa de email.";
        }

        // No username typed
        elseif (empty($_POST['username']))
        {
            echo "Nu ati completat numele de utilizator dorit.";
        }

        // No password or password validation typed
        elseif ((empty($_POST['password']) or empty($_POST['repeat_password'])))
        {
            echo "Parola trebuie introdusa in ambele campuri.";
        }

        // MySQL validations
        else
        {
            require_once("db_connect.php");


            $query_email="SELECT email FROM users WHERE email='$email'";
            $result_email=mysql_query($query_email) or die (mysql_error());

            $query_username="SELECT username FROM users WHERE username='$username'";
            $result_username=mysql_query($query_username) or die (mysql_error());



            // Check if e-mail exists
            if (mysql_num_rows($result_email)>0)
            {
                echo "Email-ul introdus a mai fost inregistrat.";
            }

            // Check if user exists

            elseif (mysql_num_rows($result_username)>0)
            {
                echo "Username-ul introdus a mai fost inregistrat. Va rugam sa va alegeti alt username.";
            }

            // Add new user to database
            else
            {
                $query="INSERT INTO users VALUES ('', '$username', '$password', '$email', '$first_name', '$last_name', '$birthday', '$sex', '', '$registered', '')";
                mysql_query($query) or die (mysql_error());
                echo "Cont creat cu succes!";

                // Send E-mail
                $to = $_POST['email'];
                $subject = "Contul meu";
                $message = "Contul dumneavoastra a fost creat cu succes! Date contului sunt: ";
                $from = "someonelse@example.com";
                $headers = "From:" . $from;
                mail($to,$subject,$message,$headers);
            }

        }
    }   
?>

I know that MySQL is depreciated. I'll switch to MySQLi ASAP and adapt the script so that it won't be SQL Injection vulnerable. The echoed messages are in romanian. I guess you don't need them translated. Just ignore them.

Since I don't have an e-mail server please check out the "Send E-mail" part as well and let me know if it would work, it's the first time that I use it.

Let me know before downrating so that I can edit my question. Thanks!

  • 写回答

5条回答 默认 最新

  • dongtingxiao4697 2013-09-12 10:08
    关注

    Use strpos() or preg_match().

    Example using strpos() with username and password : 

    if ( (strpos($password,$_POST['username']) !== false ) || ( strpos($password,$_POST['password'] ) !== false ) ) {
    echo 'password not valid';
}

    Example using preg_match():

    <?php
$password='username email name jaja ';
$username='username';
$email='email';
$name='name';

if (preg_match("#(($email)|($username)|($name))#", $password))
    echo 'probleme';
else echo 'no problem';
?>

    If you want to match both upper and lower case letters :

    stripos() : Find the position of the first occurrence of a case-insensitive substring in a string

    For preg_match() , add i (Docs here) modifier after last # like this :

    preg_match("#(($email)|($username)|($name))#i", $password)

    NOTE : the documentation says "Do not use preg_match() if you only want to check if one string is contained in another string. Use strpos() or strstr() instead as they will be faster."

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(4条)

报告相同问题?

悬赏问题

  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计