Php 由于密码字段,注册失败错误?
我的应用程序在尝试使用用户名和密码注册时收到Php 由于密码字段,注册失败错误?,php,json,afnetworking,Php,Json,Afnetworking,我的应用程序在尝试使用用户名和密码注册时收到注册失败错误。这些是正在使用的函数 index.php(尝试使用任何用户名或密码注册时收到注册失败警报) api.php // register API function register($user, $pass) { //check if username exists in the database (inside the "login" table) $login = query("SELECT username FROM login WHE
注册失败注册失败// register API
function register($user, $pass) {
//check if username exists in the database (inside the "login" table)
$login = query("SELECT username FROM login WHERE username='%s' limit 1", $user);
if (count($login['result'])>0) {
//the username exists, return error to the iPhone app
errorJson('Username already exists');
}
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
if (!$result['error']) {
//registration is susccessfull, try to also directly login the new user
login($user, $pass);
} else {
//for some database reason the registration is unsuccessful
errorJson('Registration failed');
}
}
//login API
function login($user, $pass) {
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
if (count($result['result'])>0) {
// a row was found in the database for username/pass combination
// save a simple flag in the user session, so the server remembers that the user is authorized
$_SESSION['IdUser'] = $result['result'][0]['IdUser'];
// print out the JSON of the user data to the iPhone app; it looks like this:
// {IdUser:1, username: "Name"}
print json_encode($result);
} else {
// no matching username/password was found in the login table
errorJson('Authorization failed');
}
}
index.phpregister这样的随机字符串($\u POST['username'],$\u POST['u any\u random\u string'))时,注册和登录过程就会工作;
case "login":
//authenticates user but password isn't uploaded
login($_POST['username'], $_POST['_Any_Random_String']);
break;
//authenticates user but password isn't uploaded
case "register":
register($_POST['username'], $_POST['_Any_Random_String']);
break;
joeyjoey12341234123456781234$\u post['password']command register
username fxjzfnfx
password ®0i!0öºk}p«)ÛèGS¡{
{
"error": "Registration failed"
}
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
//try to insert a new row in the "login" table with the given username and password
$result = query("INSERT INTO login(username, pass) VALUES('%s','%s')", $user, $pass);
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
显然,在将密码存储到数据库之前,不会对其进行哈希运算,这是一种非常糟糕的做法。除此之外,我真的不明白你的问题是什么。你应该提供更好的细节,说明什么有效,什么无效。这看起来很奇怪,但应用程序就是这样来的。我用一个用例编辑了这个问题。基本上,当我尝试注册
register($\u POST['username',$\u POST['password')它不工作。但是,当password参数设置为空字符串时,它可以工作,但数据库中没有存储密码。您尝试过调试这个问题吗?这个查询
函数做什么?它是否检查任何错误?那么SQL注入呢?您是否考虑过保护您的代码不受SQL注入的影响?我已经检查了错误日志,看看它说了些什么。该查询应该使用给定的用户名和密码在“login”表中插入新行。它确实通过}else{//检查错误,因为某些数据库原因,注册不成功errorJson('registration failed');}
。我将在登录成功后保护代码。是的。只有用户名被发布到数据库中。我会检查Charles proxy,看看上面写了什么,然后更新问题。你说的“检查”是什么意思?这是如何解决问题的?我将用错误日志中的结果更新问题。这很奇怪,因为它根本没有在错误日志中显示任何内容。唯一显示错误的是应用程序中的警报,该警报表示注册失败。
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username='%s' AND pass='%s' limit 1", $user, $pass);
// try to match a row in the "login" table for the given username and password
$result = query("SELECT IdUser, username FROM login WHERE username=". $user . " AND pass=" . $pass ." limit 1");