我使用的PHP注册脚本由PHP Form Generator提供。有很多过时的代码,所以我不得不进入并修复它。使用PHP注册脚本的密码错误
我的问题是,我创建的第一个测试用户工作得很好,但是我创建的所有其他测试用户最终都将未知数组作为密码。
这是代码:
<?php
include("http://wolffwebdesign.co.cc/php/global.inc.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
$FirstName = mysql_real_escape_string($_POST['FirstName']);
$MiddleInitial = mysql_real_escape_string($_POST['MiddleInitial']);
$LastName = mysql_real_escape_string($_POST['LastName']);
$Company = mysql_real_escape_string($_POST['Company']);
$Email = mysql_real_escape_string($_POST['Email']);
$Username = mysql_real_escape_string($_POST['Username']);
$Password = $_POST['Password'];
$resultuser = mysql_query("SELECT Username FROM members WHERE Username = '$Username'");
$resultpass = mysql_query("SELECT Password FROM members WHERE Password = '$Password'");
if($FirstName=="" || $LastName=="" || $Company=="" || $Email=="" || $Username=="" || $Password==""){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.</li>";
}
if(!preg_match('/^[a-z\d_\.\-][email protected]([a-z\d\-]+)(?:\.(?1))+$/i',$Email)){
$error.="<li>Invalid email address entered</li>";
$errors=1;
}
$regex = '~([^A-Z0-9]+)~i'
if(!preg_match($regex, $Username) || !preg_match($regex, $Password)) {
$errors.="<li>Invalid Username or Password entered</li>";
$errors=1;
}
if($errors==1) {
echo $error;
}
if(mysql_num_rows($resultuser) == 1){
die("<li>That Username exists already</li>");
}
if(mysql_num_rows($resultpass) == 1){
die("<li>That password exists already</li>");
}
else{
if($remember == 1)
{$expire=time()+50400;
setcookie("extendedloginwwd", $Username, $expire);
}
elseif($remember == 0)
{$expire=time()+50400;
setcookie("loginwwd", $Username, $expire);
}
mkdir("home/wolffweb/www/$Username", 0755);
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
mail("[email protected]", "New User Submission", "Name: $LastName, $FirstName, $MiddleInitial\nCompany: $Company\nEmail: $Email\nUsername: $Username\nPassword: $password\nFolder: $dirname\nErrors?: $error\n", "From: Sign Up <[email protected]>");
$link = mysql_connect("localhost","wolffweb_admin","jl10101");
mysql_select_db("wolffweb_users",$link);
$query="insert into members (First_Name,Middle_Initial,Last_Name,Company,Email,Username,Password) values ('".$FirstName."','".$MiddleInitial."','".$LastName."','".$Company."','".$Email."','".$Username."','".$Password."')";
mysql_query($query);
$make=fopen("admin/data.dat","a");
$to_put="";
$to_put .= $FirstName."|".$MiddleInitial."|".$LastName."|".$Company."|".$Email."|".$Username."|".$Password."
";
fwrite($make,$to_put);
}
?>
这是所显示的内容:
<!-- This is the content of the Thank you page, be careful while changing it -->
<h2>Thank you!</h2>
<table width=50%>
<tr>
<td>
First Name:
</td>
<td>
<?php echo $FirstName; ?>
</td>
</tr>
<tr>
<td>
Middle Initial:
</td>
<td>
<?php echo $MiddleInitial; ?>
</td>
</tr>
<tr>
<td>
Last Name:
</td>
<td>
<?php echo $LastName; ?>
</td>
</tr>
<tr>
<td>
Company:
</td>
<td>
<?php echo $Company; ?>
</td>
</tr>
<tr>
<td>
Email:
</td>
<td>
<?php echo $Email; ?>
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>
<?php echo $Username; ?>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<?php echo $Password; ?>
</td>
</tr>
</table>
<!-- Do not change anything below this line -->
<?php
{}
?>
如果,例如,我做了我的密码hello52其中<?php echo $Password; ?>
并在MySQL数据库密码最后成为词阵列,当我插入阵列在登录形式我得到一个不正确的密码d错误。我的假设是密码最终成为某种随机数组。有没有什么办法解决这一问题?
EDITS:
以下是表单代码:
<form enctype="multipart/form-data" action="http://wolffwebdesign.co.cc/php/sign-up.php" method="post">
<table border="1" cellspacing="1" style="border-collapse: collapse" border="#000066" width="95%" cellpadding="5">
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="17" width="100%" border="#FFFFFF" background="http://wolffwebdesign.co.cc/media/tile_back.gif">
<p align="left" class="c1"><img border="0" src="nav_m.gif" width="8" height="8" alt="triangle"><strong> Sign Up </strong></p>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="16" width="100%" border="#FFFFFF" background="http://wolffwebdesign.co.cc/media/tile_sub.gif">
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#D6DFEF" height="16" width="100%" border="#FFFFFF">
<p class="c2">* - Required</p>
<p class="c2">+ - Alpha-Neumeric only(A-Z, a-z, 0-9)
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">First Name</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="FirstName" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Middle Initial</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="MiddleInitial" size="1">
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Last Name</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="LastName" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Company</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="Company" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Email</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="Email" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Username</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"> input type="text" name="Username" size="20">*+</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Password</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"> input type="password" name="Password" size="10">*+</p>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="25" width="538" background="tile_sub.gif">
<p align="center"><p class="c3"><input type="submit" value="Submit Form"> <input type="reset" value="Reset Form"></font>
</td>
</tr>
</table>
</form>
而且我使用mkdir()函数,因为我希望每个用户都有自己的目录中包含的服务页面中,目录没有被创建,有没有办法解决这个问题?
感谢
- 詹姆斯
。请参阅http://php.net/manual/en/security.database.sql-injection.php – mauris 2012-02-09 01:43:00
您应该使用'empty()'而不是'$ var ==“”'。 – MacMac 2012-02-09 01:43:08
你可以显示你的表单的代码吗? – 2012-02-09 01:43:38