doutonghang2761 2015-04-29 11:18
浏览 36
已采纳

PHP,MySql。 要求人们使用密钥注册

So I've created a registration page and I've attempted to try and make it require an "alpha" key for the game but I cannot get it working. I've got all the information in my database and it's just coming out with my error "ERR 02: Failed to register!"

    <!doctype html>
<html>
<head>  
<title>Register</title>
</head>
<body>

<h3>Registration Form</h3>
<form action="" method="POST">
Alpha Key: <input type=text name='alphakey'><br/>
Username: <input type=text name='user'><br/>
Password: <input type=password name='pass'><br/>    

<input type=submit value='Register' name='submit'>
</form>
<?php 
if (isset($_POST['submit'])){

if(!empty($_POST['user']) && !empty($_POST['pass'])) {

//mysql_real_escape_string() escapes special characters in a string for use                 in an SQL statement
$user=mysql_real_escape_string($_POST['user']); 
$pass=mysql_real_escape_string($_POST['pass']);
$alphakey=mysql_real_escape_string($_POST['alphakey']);

$con=mysql_connect('localhost','<my_user>','<my_password>') or die(mysql_error());
mysql_select_db('user') or die("cannot select DB");

$query=mysql_query("SELECT * FROM login WHERE user='".$user."'");
//$query.=mysql_query("SELECT * FROM regkey WHERE     alphakey='".$_POST["alphakey"]."'");
$numrows=mysql_num_rows($query);
if($numrows==0)
{
//md5() calculates the MD5 hash of a string
//$encrypt_password=password_hash($pass, PASSWORD_DEFAULT);
$encrypt_password=md5($_POST["pass"]);

$sql="INSERT INTO login(user,pass)    VALUES('".$_POST["user"]."','$encrypt_password')";
$sql.="SELECT * FROM regkey WHERE alphakey='".$_POST["alphakey"]."'";

$result=mysql_query($sql);


if($result!=1) 
{
echo "ERR 02: Failed to register";
}
else{
echo "Account Successfully Created";
}
} else {
echo "That username already exists! Please try again with another.";
}

} else {
echo "All fields are required!";
}
}
?>
<p><a href="register.php">Register</a> | <a href="login.php">Login</a></p>
</body>
</html>
  • 写回答

1条回答 默认 最新

  • dqh1984 2015-04-29 12:31
    关注

    I would use the following method.

    Foreword: Consult my footnotes about the use of insecure functions.

    First check if the reg key exists, then insert into DB.

    $query = mysql_query("SELECT * FROM login WHERE user='".$user."'");

$numrows = mysql_num_rows($query);

// if user doesn't exist...
if($numrows==0) {

    $encrypt_password = md5($_POST["pass"]);

$query_key = mysql_query("SELECT * FROM regkey WHERE alphakey='".$_POST["alphakey"]."'") 
             or die(mysql_error());

$check_key = mysql_num_rows($query_key);

if($check_key >0){

    $sql = mysql_query("INSERT INTO login (user,pass) 
                        VALUES ('".$_POST["user"]."','$encrypt_password')") 

          or die(mysql_error());
    }

} // brace for if($numrows==0)

if($sql){
echo "Success.";
}
    • Give that a go. If you have any problems or that I may have misunderstood the question, let me know and I will be glad to adjust my answer accordingly.

    Footnotes:

    Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements, they're much safer.

    Password storage:

    You are using MD5 which is an old and considered broken method of hashing and is no longer considered safe to use.

    I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function.

    For PHP < 5.5 use the password_hash() compatibility pack.

    PDO with prepared statements example, including using password_hash().

    Pulled from ircmaxell's answer https://stackoverflow.com/a/29778421/

    Just use a library. Seriously. They exist for a reason.

    Don't do it yourself. If you're creating your own salt, YOU'RE DOING IT WRONG. You should be using a library that handles that for you.

    $dbh = new PDO(...);

$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_DEFAULT);

$stmt = $dbh->prepare("insert into users set username=?, email=?, password=?");
$stmt->execute([$username, $email, $hash]);

    And on login:

    $sql = "SELECT * FROM users WHERE username = ?";
$stmt = $dbh->prepare($sql);
$result = $stmt->execute([$_POST['username']]);
$users = $result->fetchAll();
if (isset($users[0]) {
    if (password_verify($_POST['password'], $users[0]->password) {
        // valid login
    } else {
        // invalid password
    }
} else {
    // invalid username
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 双层网络上信息-疾病传播
  • ¥50 paddlepaddle pinn
  • ¥15 Stata 面板数据模型选择
  • ¥20 idea运行测试代码报错问题
  • ¥15 网络监控:网络故障告警通知
  • ¥15 django项目运行报编码错误
  • ¥15 请问这个是什么意思?
  • ¥15 STM32驱动继电器
  • ¥15 Windows server update services
  • ¥15 关于#c语言#的问题:我现在在做一个墨水屏设计,2.9英寸的小屏怎么换4.2英寸大屏