0
我使用的PHP註冊腳本由PHP Form Generator提供。有很多過時的代碼,所以我不得不進入並修復它。使用PHP註冊腳本的密碼錯誤
我的問題是,我創建的第一個測試用戶工作得很好,但是我創建的所有其他測試用戶最終都將未知數組作爲密碼。
這是代碼:
<?php
include("http://wolffwebdesign.co.cc/php/global.inc.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
$FirstName = mysql_real_escape_string($_POST['FirstName']);
$MiddleInitial = mysql_real_escape_string($_POST['MiddleInitial']);
$LastName = mysql_real_escape_string($_POST['LastName']);
$Company = mysql_real_escape_string($_POST['Company']);
$Email = mysql_real_escape_string($_POST['Email']);
$Username = mysql_real_escape_string($_POST['Username']);
$Password = $_POST['Password'];
$resultuser = mysql_query("SELECT Username FROM members WHERE Username = '$Username'");
$resultpass = mysql_query("SELECT Password FROM members WHERE Password = '$Password'");
if($FirstName=="" || $LastName=="" || $Company=="" || $Email=="" || $Username=="" || $Password==""){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.</li>";
}
if(!preg_match('/^[a-z\d_\.\-][email protected]([a-z\d\-]+)(?:\.(?1))+$/i',$Email)){
$error.="<li>Invalid email address entered</li>";
$errors=1;
}
$regex = '~([^A-Z0-9]+)~i'
if(!preg_match($regex, $Username) || !preg_match($regex, $Password)) {
$errors.="<li>Invalid Username or Password entered</li>";
$errors=1;
}
if($errors==1) {
echo $error;
}
if(mysql_num_rows($resultuser) == 1){
die("<li>That Username exists already</li>");
}
if(mysql_num_rows($resultpass) == 1){
die("<li>That password exists already</li>");
}
else{
if($remember == 1)
{$expire=time()+50400;
setcookie("extendedloginwwd", $Username, $expire);
}
elseif($remember == 0)
{$expire=time()+50400;
setcookie("loginwwd", $Username, $expire);
}
mkdir("home/wolffweb/www/$Username", 0755);
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
mail("[email protected]", "New User Submission", "Name: $LastName, $FirstName, $MiddleInitial\nCompany: $Company\nEmail: $Email\nUsername: $Username\nPassword: $password\nFolder: $dirname\nErrors?: $error\n", "From: Sign Up <[email protected]>");
$link = mysql_connect("localhost","wolffweb_admin","jl10101");
mysql_select_db("wolffweb_users",$link);
$query="insert into members (First_Name,Middle_Initial,Last_Name,Company,Email,Username,Password) values ('".$FirstName."','".$MiddleInitial."','".$LastName."','".$Company."','".$Email."','".$Username."','".$Password."')";
mysql_query($query);
$make=fopen("admin/data.dat","a");
$to_put="";
$to_put .= $FirstName."|".$MiddleInitial."|".$LastName."|".$Company."|".$Email."|".$Username."|".$Password."
";
fwrite($make,$to_put);
}
?>
這是所顯示的內容:
<!-- This is the content of the Thank you page, be careful while changing it -->
<h2>Thank you!</h2>
<table width=50%>
<tr>
<td>
First Name:
</td>
<td>
<?php echo $FirstName; ?>
</td>
</tr>
<tr>
<td>
Middle Initial:
</td>
<td>
<?php echo $MiddleInitial; ?>
</td>
</tr>
<tr>
<td>
Last Name:
</td>
<td>
<?php echo $LastName; ?>
</td>
</tr>
<tr>
<td>
Company:
</td>
<td>
<?php echo $Company; ?>
</td>
</tr>
<tr>
<td>
Email:
</td>
<td>
<?php echo $Email; ?>
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>
<?php echo $Username; ?>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<?php echo $Password; ?>
</td>
</tr>
</table>
<!-- Do not change anything below this line -->
<?php
{}
?>
如果,例如,我做了我的密碼hello52其中<?php echo $Password; ?>並在MySQL數據庫密碼最後成爲詞陣列,當我插入陣列在登錄形式我得到一個不正確的密碼d錯誤。我的假設是密碼最終成爲某種隨機數組。有沒有什麼辦法解決這一問題?
EDITS:
以下是表單代碼:
<form enctype="multipart/form-data" action="http://wolffwebdesign.co.cc/php/sign-up.php" method="post">
<table border="1" cellspacing="1" style="border-collapse: collapse" border="#000066" width="95%" cellpadding="5">
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="17" width="100%" border="#FFFFFF" background="http://wolffwebdesign.co.cc/media/tile_back.gif">
<p align="left" class="c1"><img border="0" src="nav_m.gif" width="8" height="8" alt="triangle"><strong> Sign Up </strong></p>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="16" width="100%" border="#FFFFFF" background="http://wolffwebdesign.co.cc/media/tile_sub.gif">
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#D6DFEF" height="16" width="100%" border="#FFFFFF">
<p class="c2">* - Required</p>
<p class="c2">+ - Alpha-Neumeric only(A-Z, a-z, 0-9)
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">First Name</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="FirstName" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Middle Initial</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="MiddleInitial" size="1">
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Last Name</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="LastName" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Company</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="Company" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Email</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"><input type="text" name="Email" size="25">*</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Username</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"> input type="text" name="Username" size="20">*+</p>
</td>
</tr>
<tr>
<td height="30" width="55" bgcolor="#EFF3F7" border="#FFFFFF">
<img border="o" src="http://wolffwebdesign.co.cc/media/bc_new.gif" width="28" height="28" alt="triangle in a blue circle"
</td>
<td height="30" width="189" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c3">Password</p>
</td>
<td height="30" width="294" bgcolor="#EFF3F7" border="#FFFFFF">
<p class="c5"> input type="password" name="Password" size="10">*+</p>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#B5CBEF" height="25" width="538" background="tile_sub.gif">
<p align="center"><p class="c3"><input type="submit" value="Submit Form"> <input type="reset" value="Reset Form"></font>
</td>
</tr>
</table>
</form>
而且我使用mkdir()函數,因爲我希望每個用戶都有自己的目錄中包含的服務頁面中,目錄沒有被創建,有沒有辦法解決這個問題?
感謝
- 詹姆斯
。請參閱http://php.net/manual/en/security.database.sql-injection.php – mauris 2012-02-09 01:43:00
您應該使用'empty()'而不是'$ var ==「」'。 – MacMac 2012-02-09 01:43:08
你可以顯示你的表單的代碼嗎? – 2012-02-09 01:43:38