这次注册有什么问题?

时间:2022-09-20 18:53:07

Here is the form:

这是表格:

<form action="register2.php" method="post"> 
   <div class="form-group">
    <label for="username"> Username:</label>
    <input type="text" name="username" id="username" class="form-control" value="" required/>
    </div>
    <div class="form-group">
    <label for="fullname"> Full Name:</label>
    <input type="text" name="fullname" id="fullname" class="form-control" value="" placeholder="John J. Doe" required/>
    </div>
    <div class="form-group">
    <label for="email"> E-Mail:</label>
    <input type="email" name="email" id="email" class="form-control" value="" placeholder="john.doe@yahoo.com" required/>
   </div>
   <div class="form-group">
    <label for="phone"> Telephone Number:</label>
    <input type="tel" name="phone" id="phone" class="form-control" placeholder="15551234567" required/>
    </div>
    <div class="form-group">
    <label for="password"> Password:</label> 
    <input type="password" name="password" id="password" class="form-control" placeholder="password" required/>
    </div>
    <div class="form-group">
    <label for="password"> Confirm Password:</label> 
    <input type="password" name="confirmpassword" id="confirmpassword" class="form-control"  placeholder="password" required/> 
    </div>
    <div class="form-group">
    <label for="origin"> Country of Origin:</label>
    <input type="text" name="origin" id="origin" class="form-control" value="" placeholder="United States of America" required/>
    </div>
    <div class="form-group">
	<label for="dob"> Date of Birth:</label>
	<input type="date" name="dob" id="dob" class="form-control" placeholder="07/04/1776" required/>
    </div>
    <div class="form-group">
    <label for="cob"> City of Birth:</label>
    <input type="text" name="cob" id="cob" class="form-control" value="" placeholder="Philadelphia" required/>
    </div>
    <div class="form-group">
    <label for="sob"> State of Birth:</label>
    <input type="text" name="sob" id="sob" class="form-control" value="" placeholder="Pennsylvania" required/>
    </div>
    <div class="form-group">
    <label for="height"> Height:</label>
    <input type="text" name="height" id="height" class="form-control" value="" placeholder="5ft 9in" required/>
    </div>
    <div class="form-group">
    <label for="weight"> Weight:</label>
    <input type="text" name="weight" id="weight" class="form-control" value="" placeholder="160lbs" required/>
    </div>
    <div class="form-group">
    <label for="haircolor"> Hair Color:</label>
    <input type="text" name="haircolor" id="haircolor" class="form-control" value="" placeholder="blond" required/>
    </div>
    <div class="form-group">
    <label for="eyecolor"> Eye Color:</label>
    <input type="text" name="eyecolor" id="eyecolor" class="form-control" value="" placeholder="blue" required/>
    </div>
    <div class="form-group">
    <label for="currentcountry"> Current Country:</label>
    <input type="text" name="currentcountry" id="currentcountry" class="form-control" placeholder="United States of America" value="" required/>
    </div>
    <div class="form-group">
    <label for="currentcity"> Current City:</label>
    <input type="text" name="currentcity" id="currentcity" class="form-control" placeholder="Washington D.C." value="" required/>
    </div>
    <div class="form-group">
    <label for="currentstate"> Current State:</label>
    <input type="text" name="currentstate" id="currentstate" class="form-control" placeholder="District of Columbia" value="" required/>
    </div>
    <div class="form-group">
    <label for="profession"> Profession:</label>
    <input type="text" name="profession" id="profession" class="form-control" placeholder="Plumber" value="" required/>
    </div>
    <div class="form-group">
    <label for="religion"> Religion:</label>
    <input type="text" name="religion" id="religion" class="form-control" placeholder="Christian, Muslim, Buddhist, Atheist, etc" value=""/>
    </div>
    <div class="form-group">
    <label for="religion"> Political Views:</label>
    <input type="text" name="religion" id="religion" class="form-control" placeholder="Conservative, Democrat, Libertarian, etc" value=""/>
    </div>
    <div class="form-group">
    <label for="familynames"> Family Names:</label>
    <textarea name="familynames" id="familynames" class="form-control" value="" placeholder="One name per line, example:
    Doe
    Smith
    Johnson" wrap required></textarea>
    </div>
    <div class="form-group">
    <label for="immediatefamily"> Immediate Family:</label>
    <textarea name="immediatefamily" id="immediatefamily" class="form-control" value="" placeholder="One name per line, example:
    John Doe
    Jane Doe
    Jimmy Doe" wrap required></textarea>
    </div>
    <label> Privacy Type:</label>
    <p>Public, means accessible to everyone as soon as entries are submitted. Private, means entries are released at a later date.</p>
    <br\><br\>
    <div class="form-group">
    <label for="privacy"> Public: &nbsp;</label><input type="radio" name="privacy" value="public" checked="checked" required/>
    <p></p>
    <label for="privacy"> Private: &nbsp;</label><input type="radio" name="privacy" value="private" required/>
    </div>
    <br /><br /> 
    <button class="btn btn-primary btn-lg pull-right" type=submit>Register</button>
</form>

Here is the Query:

这是查询:

<?php 


require("config.php"); 

if(!empty($_POST)) 
{ 
    // Ensure that the user has entered a non-empty username 
    if(empty($_POST['username'])) 
    { 
        $error = 'Please enter a username.'; 
    } 

    // Ensure that the user has entered a non-empty password 
    if(empty($_POST['password'])) 
    { 
        $error = 'Please enter a password.'; 
    } 
    // Ensure that the user has entered the same password in confirm password 
    if ($_POST["password"] == $_POST["confirm_password"]) {
    // success!
    }
    else {
        $error = 'Your passwords did not match.';
    }

    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
    { 
        $error = 'You entered an invalid email address.'; 
    } 

    // We will use this SQL query to see whether the username entered by the 
    // user is already in use.  A SELECT query is used to retrieve data from the database. 
    // :username is a special token, we will substitute a real value in its place when 
    // we execute the query. 
    $query = " 
        SELECT 
            1 
        FROM members 
        WHERE 
            username = :username 
    "; 

    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 

        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage().   
        $error = 'Failed to run query: {$ex->getMessage()}}'; 
    } 


    $row = $stmt->fetch(); 


    if($row) 
    { 
        $error = 'This username is already in use.'; 
    } 

    // Now we perform the same type of check for the email address, in order 
    // to ensure that it is unique. 
    $query = " 
        SELECT 
            1 
        FROM members 
        WHERE 
            email = :email 
    "; 

    $query_params = array( 
        ':email' => $_POST['email'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 

    catch(PDOException $ex) 
    { 
        $error = 'Failed to run query: {$ex->getMessage()}}';  
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
        $error = 'This email address is already registered.'; 
    } 

    // An INSERT query is used to add new rows to a database table. 
    // Again, we are using special tokens (technically called parameters) to 
    // protect against SQL injection attacks. 
    $query = " 
        INSERT INTO members ( 
            username, 
            password, 
            salt, 
            email,
            dob,
            politics,
            religion,
            familynames,
            profession,
            currentcity,
            cob,
            origin,
            height,
            weight,
            haircolor,
            eyecolor,
            immediatefamily,
            privacy
        ) VALUES ( 
            :username, 
            :password, 
            :salt, 
            :email,
            :dob,
            :politics,
            :religion,
            :familynames,
            :profession,
            :currentcity,
            :cob,
            :origin,
            :height,
            :weight,
            :haircolor,
            :eyecolor,
            :immediatefamily,
            :privacy
        ) 
    "; 

    // A salt is randomly generated here to protect again brute force attacks 
    // and rainbow table attacks.  The following statement generates a hex 
    // representation of an 8 byte salt.  Representing this in hex provides 
    // no additional security, but makes it easier for humans to read. 
    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 

    // This hashes the password with the salt so that it can be stored securely 
    // in your database.  The output of this next statement is a 64 byte hex 
    // string representing the 32 byte sha256 hash of the password.  The original 
    // password cannot be recovered from the hash. 
    $password = hash('sha256', $_POST['password'] . $salt); 

    // Next we hash the hash value 65536 more times.  The purpose of this is to 
    // protect against brute force attacks.  Now an attacker must compute the hash 65537 
    // times for each guess they make against a password, whereas if the password 
    // were hashed only once the attacker would have been able to make 65537 different  
    // guesses in the same amount of time instead of only one. 
    for($round = 0; $round < 65536; $round++) 
    { 
        $password = hash('sha256', $password . $salt); 
    } 

    // Here we prepare our tokens for insertion into the SQL query.  We do not 
    // store the original password; only the hashed version of it.  We do store 
    // the salt (in its plaintext form; this is not a security risk). 
    $query_params = array( 
        ':username' => $_POST['username'], 
        ':password' => $password, 
        ':salt' => $salt, 
        ':email' => $_POST['email'], 
        ':dob' => $_POST['dob'], 
        ':politics' => $_POST['politics'], 
        ':religion' => $_POST['religion'], 
        ':familynames' => $_POST['familynames'], 
        ':profession' => $_POST['[profession'], 
        ':currentcity' => $_POST['currentcity'], 
        ':cob' => $_POST['cob'], 
        ':origin' => $_POST['origin'], 
        ':height' => $_POST['height'], 
        ':weight' => $_POST['weight'], 
        ':haircolor' => $_POST['haircolor'], 
        ':eyecolor' => $_POST['eyecolor'], 
        ':immediatefamily' => $_POST['immediatefamily'], 
        ':privacy' => $_POST['privacy']
    ); 

    try 
    { 
        // Execute the query to create the user 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        // Note: On a production website, you should not output $ex->getMessage(). 
        // It may provide an attacker with helpful information about your code.  
        $error = 'Failed to run query: {$ex->getMessage()}}';  
    } 

    // This redirects the user back to the login page after they register 
    header("Location: index.php"); 
} 

?> 

It connects fine, and it was working until I added

它连接得很好,它一直在工作,直到我添加

$query = " 
            INSERT INTO members ( 
                username, 
                password, 
                salt, 
                email,
                dob,
                politics,
                religion,
                familynames,
                profession,
                currentcity,
                cob,
                origin,
                height,
                weight,
                haircolor,
                eyecolor,
                immediatefamily,
                privacy
            ) VALUES ( 
                :username, 
                :password, 
                :salt, 
                :email,
                :dob,
                :politics,
                :religion,
                :familynames,
                :profession,
                :currentcity,
                :cob,
                :origin,
                :height,
                :weight,
                :haircolor,
                :eyecolor,
                :immediatefamily,
                :privacy
            ) 
        "; 

and

$query_params = array( 
            ':username' => $_POST['username'], 
            ':password' => $password, 
            ':salt' => $salt, 
            ':email' => $_POST['email'], 
            ':dob' => $_POST['dob'], 
            ':politics' => $_POST['politics'], 
            ':religion' => $_POST['religion'], 
            ':familynames' => $_POST['familynames'], 
            ':profession' => $_POST['[profession'], 
            ':currentcity' => $_POST['currentcity'], 
            ':cob' => $_POST['cob'], 
            ':origin' => $_POST['origin'], 
            ':height' => $_POST['height'], 
            ':weight' => $_POST['weight'], 
            ':haircolor' => $_POST['haircolor'], 
            ':eyecolor' => $_POST['eyecolor'], 
            ':immediatefamily' => $_POST['immediatefamily'], 
            ':privacy' => $_POST['privacy']
        ); 

I am guessing the problem lies withing the extra fields I added, but here is a screenshot rows:
这次注册有什么问题?

我猜测问题在于我添加的额外字段,但这里是截图行:

1 个解决方案

#1


1  

You just need to remove ':' from $query_params else everything looks okay.

你只需要从$ query_params中删除':',否则一切看起来都还可以。

$query_params = array( 
            'username' => $_POST['username'], 
            'password' => $password, 
            'salt' => $salt, 
            'email' => $_POST['email'], 
            'dob' => $_POST['dob'], 
            'politics' => $_POST['politics'], 
            'religion' => $_POST['religion'], 
            'familynames' => $_POST['familynames'], 
            'profession' => $_POST['[profession'], 
            'currentcity' => $_POST['currentcity'], 
            'cob' => $_POST['cob'], 
            'origin' => $_POST['origin'], 
            'height' => $_POST['height'], 
            'weight' => $_POST['weight'], 
            'haircolor' => $_POST['haircolor'], 
            'eyecolor' => $_POST['eyecolor'], 
            'immediatefamily' => $_POST['immediatefamily'], 
            'privacy' => $_POST['privacy']
        ); 

#1


1  

You just need to remove ':' from $query_params else everything looks okay.

你只需要从$ query_params中删除':',否则一切看起来都还可以。

$query_params = array( 
            'username' => $_POST['username'], 
            'password' => $password, 
            'salt' => $salt, 
            'email' => $_POST['email'], 
            'dob' => $_POST['dob'], 
            'politics' => $_POST['politics'], 
            'religion' => $_POST['religion'], 
            'familynames' => $_POST['familynames'], 
            'profession' => $_POST['[profession'], 
            'currentcity' => $_POST['currentcity'], 
            'cob' => $_POST['cob'], 
            'origin' => $_POST['origin'], 
            'height' => $_POST['height'], 
            'weight' => $_POST['weight'], 
            'haircolor' => $_POST['haircolor'], 
            'eyecolor' => $_POST['eyecolor'], 
            'immediatefamily' => $_POST['immediatefamily'], 
            'privacy' => $_POST['privacy']
        );