PHP form with POST method still uses GET
php, html, forms, authentication

I'm making a user login/registration system for a website I'm building. On the /register page I have a form that should use the POST method, although it appears to be using GET. After clicking "Sign Up", it goes to the following URL: http://localhost:8080/zoweb/register/?first_name=my+first+name&last_name=my+last+name&username=my+username&email=my%40email.com&password=my+password&confirm_password=my+password&register=Sign+Up. As far as I know, I'm not using any JavaScript on this page that would affect this.

The form:
<form action="register.php" method="post">
    <table>
        <tr>
            <td>First name:</td><td><input type="text" name="first_name" placeholder="John"/></td>
        </tr>
        <tr>
            <td>Last name:</td><td><input type="text" name="last_name" placeholder="Smith"/></td>
        </tr>
        <tr>
            <td>Username:</td><td><input type="text" name="username" placeholder="Smithton"/></td>
        </tr>
        <tr>
            <td>Email:</td><td><input type="email" name="email" placeholder="john@smith.family"/></td>
        </tr>
        <tr>
            <td>Password:</td><td><input type="password" name="password" placeholder="•••••••••••"/></td>
        </tr>
        <tr>
            <td>Confirm password:</td><td><input type="password" name="confirm_password" placeholder="•••••••••••"/></td>
        </tr>
    </table>
    <ul class="actions">
        <li><input name="register" value="Sign Up" type="submit" class="button special" /></li>
    </ul>
</form>
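
I thought that, for some reason, register.php might be returning to index.php, but I don't think so, because register.php doesn't do any redirects with the contents of the form.

Could it just be a browser caching issue?

No, I've tried it in Chrome, Firefox, Edge and IE, and yes, the form fields will be posted to register.php.

On a side note: use to make the form fields accessible. In your PHP code, add a condition before setting the variables, for example: if (isset($_POST['password'])) { $password = $_POST['password']; }

$query = "SELECT * FROM `users` WHERE `username` IS '" . $uname . "';"; Why did you write IS instead of =, I wonder... Also, you're using MySQLi but you aren't using prepared statements, so you have a major security hole! I could hack that form in 2 seconds.

Yes - once I put it on the web I'll fix all of the security issues; the IS is just me forgetting that you use = and not IS. Also, can't you just do $password = (isset($_POST['password'])) ? $_POST['password'] : null?
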
<?php
if (isset($_POST['register'])) {
    $fname = $_POST['first_name'];
    $lname = $_POST['last_name'];
    $uname = $_POST['username'];
    $password = $_POST['password'];
    $confpass = $_POST['confirm_password'];
    $email = $_POST['email'];
    $good = 1;
    include('../connect.php');
    if (!$fname) {
        redir('./?error=first_name&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }
    if (!$email) {
        redir('./?error=email&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        redir('./?error=email&errormsg=Invalid email.&showLogin=true');
        $good = 0;
    }
    if (!$lname) {
        redir('./?error=last_name&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }
    if (!$uname) {
        redir('./?error=username&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }
    if (!$password) {
        redir('./?error=password&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }
    if ($confpass != $password) {
        redir('./?error=confirm_password&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }
    function redir($url)
    {
        header('Location: ' . $url);
    }
    if ($good == 1) {
        echo "Good.";
        $passwordhashoptions = [
            'cost' => 11,
            'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
        ];
        $passhash = password_hash($password, PASSWORD_BCRYPT, $passwordhashoptions);
        $query = "SELECT * FROM `users` WHERE `username` IS '" . $uname . "';";
        $mysqli_result = $mysqli->query($query);
        echo "Result: " . $mysqli_result;
        if ($mysqli_result === FALSE) {
            $query = "INSERT INTO `webauth`.`users` (`username`, `first_name`, `last_name`, `email`, `password`) VALUES ('" . $uname . "', '" . $fname . "', '" . $lname . "', '" . $email . "', '" . $passhash . "');";
            $mysqli->query($query);
            $emailcontent = "<style>
#div {
width:600px;
margin-left:auto;
margin-right:auto;
background-color: #cafff8;
padding:5px;
border-radius:10px;
font-family:sans-serif;
}
</style>
<div id='div'>Thankyou for registering at Zoweb. To confirm your account, just click the link below:<br><a href='http://localhost:8080/zoweb/register/confirm.php?code=xxx' style='color:black;text-decoration:underline;'>Verify</a></a></div>";
            $to = $email;
            $subject = "Confirm your account on Zoweb\r\n";
            $headers = "From: no-reply@zoweb.me\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
            mail($to, $subject, $emailcontent, $headers);
            header('Location: ./?error=none&errormsg=Please check your emails for confirmation.&showLogin=false&fname=' . $fname);
        } else {
            redir('./?error=fname');
        }
    }
    $mysqli->close();
}
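
The prepared-statement point raised in the comments, applied to the username lookup and the INSERT from the script above. This is an added example, not the asker's code: the function names `usernameTaken` and `registerUser` are hypothetical, and `$db` is assumed to be the open mysqli connection that the page's `connect.php` provides.

```php
<?php
declare(strict_types=1);

// Assumption: $db is an open mysqli connection (the page's connect.php);
// table and column names are the ones used in the script above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/** Returns true when a row with this username already exists. */
function usernameTaken(mysqli $db, string $uname): bool
{
    // The value is sent separately from the SQL text, so quotes or
    // SQL keywords inside $uname cannot change the statement.
    $stmt = $db->prepare('SELECT 1 FROM `users` WHERE `username` = ? LIMIT 1');
    $stmt->bind_param('s', $uname);
    $stmt->execute();
    $stmt->store_result();          // buffer the result so num_rows is valid
    $taken = $stmt->num_rows > 0;
    $stmt->close();
    return $taken;
}

/** Inserts the account; returns false if the username is already in use. */
function registerUser(mysqli $db, string $uname, string $fname,
                      string $lname, string $email, string $password): bool
{
    if (usernameTaken($db, $uname)) {
        return false;
    }
    // password_hash() generates its own random salt, so no 'salt' option.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
    $stmt = $db->prepare(
        'INSERT INTO `users`
            (`username`, `first_name`, `last_name`, `email`, `password`)
         VALUES (?, ?, ?, ?, ?)'
    );
    // Five string parameters, bound in the same order as the placeholders.
    $stmt->bind_param('sssss', $uname, $fname, $lname, $email, $hash);
    $stmt->execute();
    $stmt->close();
    return true;
}
```

A UNIQUE index on `username` closes the gap between the existence check and the insert when two registrations arrive at the same time.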