dpvomqeu396484 2014-03-28 17:30

Secure PHP registration using sha512 fails

I have a registration for a website, and at first I only used an e-mail and username to register, but I realised I also wanted full name and a workgroup.

My problem is that the registration won't work properly when I add these to the registration function. I get a "registration successful" but nothing is inserted into the database.

The code for the registration form itself:

<form method="post" name="registration_form" action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>">

<!-- Username -->
<input type='text'
name='username' 
id='username'/>

<!-- Full Name -->
<input type='text'
name='fullname' 
id='fullname'/>

<!-- Group -->
<input type='text'
name='group' 
id='group'/>

<!-- Email -->          
<input type="text" 
name="email" 
id="email"/>

<!-- Password -->
<input type="password"
name="password" 
id="password"/>

<!-- Confirm Password -->   
<input type="password" 
name="confirmpwd" 
id="confirmpwd"/>

<input type="button" 
value="Register" 
onclick="return regformhash(this.form,
         this.form.username,
         this.form.fullname,
         this.form.group,
         this.form.email,
         this.form.password,
         this.form.confirmpwd);" /> 
</form>

The code for inserting the data into the database:

<?php

include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";



if (isset($_POST['username'], $_POST['fullname'], $_POST['group'], $_POST['email'], $_POST['p'])) {

    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);

    $fullname = filter_input(INPUT_POST, 'fullname', FILTER_SANITIZE_STRING);
    $group = filter_input(INPUT_POST, 'group', FILTER_SANITIZE_STRING);

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Not a valid email
        $error_msg .= '<p class="error">The email address you entered is not valid</p>';
    }

    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) != 128) {
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }

    $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
    $stmt = $mysqli->prepare($prep_stmt);

    if ($stmt) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();

        if ($stmt->num_rows == 1) {
            // A user with this email address already exists
            $error_msg .= '<p class="error">A user with this email address already exists.</p>';
        }
    } else {
        $error_msg .= '<p class="error">Database error</p>';
    }

    if (empty($error_msg)) {
        $random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
        $password = hash('sha512', $password . $random_salt);

        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt, group, name) VALUES (?, ?, ?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssssss', $username, $email, $password, $random_salt, $group, $fullname);
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }
        header('Location: ./register_success.php');

        exit();
    }
}

The included db-connect.php and psl-config.php connect to the database correctly, as these are unchanged from before and worked then.

The JavaScript used for validation should be irrelevant, but I will post it if it is requested.

1 answer

  • duanfeng3879 2014-03-28 17:32

    I get a "registration successful" but nothing is inserted into the database.

    That is because the group is a reserved word and you need to surround it with backticks on your query. Check your INSERT statement and do this change.

    TO members (username, email, password, salt, `group`, name) VALUES (?, 
                                                  ^^^^^
    
    Accepted by the asker as the best answer.
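
Added example, not code from the question or the answer: in the question's script a failed `prepare()` returns false, the `if` body is skipped, and the success redirect is still sent. The sketch below quotes `group` as the answer says and makes that failure visible; it assumes `$mysqli` is the connection opened by the question's db_connect.php, and `insert_member()` and `finish_registration()` are hypothetical helper names.

```php
<?php
// Added example. Assumes $mysqli is the connection opened by db_connect.php
// and that the members table has the columns used in the question.

// Throw mysqli_sql_exception on SQL errors instead of returning false
// (already the default from PHP 8.1 on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one member row; true only if exactly one row was written.
 * insert_member() is a hypothetical helper name.
 */
function insert_member(mysqli $mysqli, string $username, string $email,
                       string $password, string $salt,
                       string $group, string $fullname): bool
{
    // `group` is a reserved word in MySQL, so it is backtick-quoted.
    $sql = 'INSERT INTO members (username, email, password, salt, `group`, name) '
         . 'VALUES (?, ?, ?, ?, ?, ?)';
    try {
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param('ssssss', $username, $email, $password, $salt, $group, $fullname);
        $stmt->execute();
        $written = ($stmt->affected_rows === 1);
        $stmt->close();
        return $written;
    } catch (mysqli_sql_exception $e) {
        // Log the SQL error server-side; do not show it to the visitor.
        error_log('Registration INSERT failed: ' . $e->getMessage());
        return false;
    }
}

/**
 * Redirect according to the insert result and stop the script, so the
 * success header can never follow (and replace) the failure header.
 * finish_registration() is a hypothetical helper name.
 */
function finish_registration(bool $inserted): void
{
    $target = $inserted
        ? './register_success.php'
        : '../error.php?err=' . rawurlencode('Registration failure: INSERT');
    header('Location: ' . $target);
    exit();
}
```

Inside the question's `if (empty($error_msg))` block, after the two hashing lines, the call would be `finish_registration(insert_member($mysqli, $username, $email, $password, $random_salt, $group, $fullname));`.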