1. 首页
  2. 问答
  3. 提交表单后,网页上没有显示php回声

提交表单后,网页上没有显示php回声

2015-06-22 31 views
-1

我在此网页上使用了基金会5和php。提交表单后,网页上没有显示php回声

当我进入网页并填写所有空格并按下创建帐户时,网页上没有任何回声出现。该页面只是刷新,只是使一个新的页面,如果我刚刚重新加载页面。没有文字显示,并且没有任何功能正在工作。

这里是我的代码:

<?php 

error_reporting(0); 
@ini_set('display_errors', 0); 

?> 
<!doctype html> 
<html class="no-js" lang="en"> 
<head> 
    <meta charset="utf-8" /> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0" /> 
    <title>AskmanProducts</title> 
    <link rel="stylesheet" href="css/foundation.css" /> 
    <script src="js/vendor/modernizr.js"></script> 
    <script src="js/signinvaldator.js"></script> 
</head> 
<body> 
<?php 

if ($_POST['registerbtn']) { 
    $getuser = $_POST['user']; 
    $getemail = $_POST['email']; 
    $getpass = $_POST['pass']; 
    $getconfirmpass = $_POST['confirmpass']; 

    if ($getuser) { 
     if ($getemail) { 
      if ($getpass){ 
       if ($getconfirmpass) { 
        if ($getpass === $getconfirmpass) { 
         if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) { 
          require ("connect.php"); 

          $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
          $numrows = mysql_num_rows($query); 
          if ($numrows == 0) { 
           $query = mysql_query("SELECT * FROM users WHERE email='$getemail'"); 
           $numrows = mysql_num_rows($query); 
           if ($numrows == 0) { 

            $password = md5(md5("kjfiufj".$getpass."Fj56fj")); 
            $date = date("F d, Y"); 
            $code = md5(rand()); 

            mysql_query("INSERT INTO users VALUES (
             '', '$getuser', '$password', '$getemail', '0', '$code', '$date' 
            )"); 

            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
            $numrows = mysql_num_rows($query); 
            if ($numrows == 1) { 

             $site = "http://localhost/Projects/project"; 
             $webmaster = "[email protected]"; 
             $headers = "From: $webmaster"; 
             $subject = "Activate Your Account"; 
             $message = "Thanks For Registering. Click The Link Below To Activate Your Account.\n"; 
             $message .= "$site/activate.php?user=$getuser&code=$code\n"; 
             $message .= "You Must Activate Your Account To Login."; 

             if (mail($getemail, $subject, $message, $headers)) { 
              echo "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>"; 
              $getuser = ""; 
              $getemail = ""; 
             } 
             else { 
              echo "An error has occured. You activation email was not sent."; 
             } 

            } 
            else { 
             echo "An error has occured. Your account was not created."; 
            } 

           } 
           else { 
            echo "There is already a user with that email."; 
           } 
          } 
          else { 
           echo "There is already a user with that username."; 
          } 

          mysql_close(); 
         } 
         else { 
          echo "You must enter a valid email address to register."; 
         } 
        } 
        else { 
         echo "Your password do not match."; 
        } 
       } 
       else { 
        echo "You must confirm your password to register."; 
       } 
      } 
      else { 
       echo "You must enter your password to register."; 
      } 
     } 
     else { 
      echo "You must enter your email to register."; 
     } 
    } 
    else { 
     echo "You must enter your username to register."; 
    } 
} 
else { 

} 

$form = "<form action='register.php' method='post'> 
<div class='row' style='margin-top:10%'> 
    <div align='center'><h2>Create an Account</h2></div> 
     <br /> 
     <div class='medium-6 medium-centered large-centered large-6 columns'> 
      <form data-abide> 
       <div class='name-field'> 
       <label>Username</label> 
       <input type='text' name='user' value='$getuser'></input> 

       <div class='email-field'> 
       <label>Email</label> 
       <input type='email' name='email' value='$getemail'></input> 

       <label for='password'>Password</label> 
       <input type='password' name='pass' value=''></input> 

       <label for='confirmPassword'>Confirm Password</label> 
       <input type='password' name='confirmpass' value=''></input> 
      <br /> 
      <br />   
      <button type='submit' name='registerbtn'>Create Account</button> 
      <a href='login.php' class='button'>Log In</a> 
      <br /> 

     </form> 
    </div> 
</div> 

<script src='js/vendor/jquery.js'></script> 
<script src='js/foundation.min.js'></script> 
<script> 
$(document).foundation(); 
</script> 
</form>"; 

echo $form; 

?> 
</body> 
</html>

来源

2015-06-22 Stephen Kim

+1

,这完全不能帮助你'error_reporting(0); @ini_set('display_errors',0);'this does'error_reporting(E_ALL); ini_set('display_errors',1);'和你的代码是完全不安全的。 –

+1

MD5被加密破坏,MySQL _ *()被弃用,并且容易受到SQL注入的影响。 –

+0

好吧,我正在跟着一个教程,所以也许它是因为这是过时的。 –

回答

1

在窗体中有行动= 'register.php' 作为其目标。当你这样做时,通过按提交按钮,页面将跳转到register.php,然后给你的错误检查代码任何机会发射。

我建议你使用

action='<?php echo $_SERVER['PHP_SELF']; ?>'

,使您的提交按钮,让你在同一页上,那么当你的错误检查过程中通过,使用:

header('Location: register.php');

要么,或通过各你的POST变量到register.php进行错误检查。

来源

2015-06-22 19:59:30 tllewellyn

+0

[什么是PHP_SELF漏洞利用以及如何避免它们](http://www.html-form-guide.com/php-form/php-form-action-self.html) – D4V1D

0

在这个解决方案中,我已经改变了你的代码,但我一直在我的网站上使用这个逻辑。我将解释它下面的代码。

注:

我没有检查您的处理,但没有测试......从你得到关于编程的过时信息的初步意见来看。您的mysql查询代码已过时并且已折旧,您应该使用参数化查询,如@Dave在此答案下的评论中指出的那样。

我建议你去YouTube并搜索pdo教程来学习查询mysql的现代方法。提供的代码显示了如何通过jQuery和处理php文件处理表单。

HTML & jQuery的

<!doctype html> 
<html class="no-js" lang="en"> 
<head> 
    <meta charset="utf-8" /> 
    <meta name="viewport" content="width=device-width, initial-scale=1.0" /> 
    <title>AskmanProducts</title> 
    <link rel="stylesheet" href="css/foundation.css" /> 
    <script src="js/vendor/modernizr.js"></script> 
    <script src="js/signinvaldator.js"></script> 
</head> 
<body> 

<input type="hidden" name="processRegistrationURL" value="register.php"> 

<div id="showRegistrationResults" class="row" style="margin-top:10%"> 
    <div align="center"><h2>Create an Account</h2></div> 
     <br /> 
     <div class="medium-6 medium-centered large-centered large-6 columns"> 
      <form data-abide> 
       <div class="name-field"> 
       <label>Username</label> 
       <input type="text" is="user" name="user" value="$getuser"></input> 

       <div class="email-field"> 
       <label>Email</label> 
       <input type="email" id="email" name="email" value="$getemail"></input> 

       <label for="password">Password</label> 
       <input type="password" id="pass" name="pass" value=""></input> 

       <label for="confirmPassword">Confirm Password</label> 
       <input type="password" id="confirmpass" name="confirmpass" value=""></input> 
      <br /> 
      <br />   
      <button type="submit" id="registerbtn" name="registerbtn">Create Account</button> 
      <a href="login.php" class="button">Log In</a> 
      <br /> 
    </div> 
</div> 


<script src='js/vendor/jquery.js'></script> 
<script src='js/foundation.min.js'></script> 
<script> 
$(document).foundation(); 
</script> 
<script> 
$(function() { 
$("#registerbtn").click(function(){ 
     var url = $('#processRegistrationURL').val();  
     var user = $('#user').val(); 
     var email = $('#email').val(); 
     var pass = $('#pass').val(); 
     var confirmpass = $('#confirmpass').val();  
     var postit = $.post(url, { 
      user:user, 
      email:email, 
      pass:pass, 
      confirmpass:confirmpass   
     });  
     postit.done(function(data) { 
     var result = data.split('|'); 
     if(result[0] == 1){alert(result[1]);} 
     else if(result[0] == 2){ 
     $('#showRegistrationResults').html(result[1]); 
     }  
     });  
    }); 
}); 
</script 
</body> 
</html>

没有表单标签...的形式处理上register.php处理存储在一个隐藏的输入<input type="hidden" name="processRegistrationURL" value="register.php">

我已经加入id给每个窗体和提交按钮。

register.php 
$getuser = $_POST['user']; 
    $getemail = $_POST['email']; 
    $getpass = $_POST['pass']; 
    $getconfirmpass = $_POST['confirmpass']; 

    if ($getuser) { 
     if ($getemail) { 
      if ($getpass){ 
       if ($getconfirmpass) { 
        if ($getpass === $getconfirmpass) { 
         if (!filter_var($email, FILTER_VALIDATE_EMAIL) === false) { 
          require ("connect.php"); 

          $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
          $numrows = mysql_num_rows($query); 
          if ($numrows == 0) { 
           $query = mysql_query("SELECT * FROM users WHERE email='$getemail'"); 
           $numrows = mysql_num_rows($query); 
           if ($numrows == 0) { 

            $password = md5(md5("kjfiufj".$getpass."Fj56fj")); 
            $date = date("F d, Y"); 
            $code = md5(rand()); 

            mysql_query("INSERT INTO users VALUES (
             '', '$getuser', '$password', '$getemail', '0', '$code', '$date' 
            )"); 

            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
            $numrows = mysql_num_rows($query); 
            if ($numrows == 1) { 

             $site = "http://localhost/Projects/project"; 
             $webmaster = "[email protected]"; 
             $headers = "From: $webmaster"; 
             $subject = "Activate Your Account"; 
             $message = "Thanks For Registering. Click The Link Below To Activate Your Account.\n"; 
             $message .= "$site/activate.php?user=$getuser&code=$code\n"; 
             $message .= "You Must Activate Your Account To Login."; 

             if (mail($getemail, $subject, $message, $headers)) { 
              echo "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>"; 
              $getuser = ""; 
              $getemail = ""; 
             } 
             else { 
              echo "2|An error has occurred. You activation email was not sent. Please refresh this page and try again. If this issue persists please contact administration."; 
             } 

            } 
            else { 
             echo "2|An error has occurred. Your account was not created. Please refresh this page and try again. If this issue persists please contact administration."; 
            } 

           } 
           else { 
            echo "1|There is already a user with that email."; 
           } 
          } 
          else { 
           echo "1|There is already a user with that username."; 
          } 

          mysql_close(); 
         } 
         else { 
          echo "1|You must enter a valid email address to register."; 
         } 
        } 
        else { 
         echo "1|Your password do not match."; 
        } 
       } 
       else { 
        echo "1|You must confirm your password to register."; 
       } 
      } 
      else { 
       echo "1|You must enter your password to register."; 
      } 
     } 
     else { 
      echo "1|You must enter your email to register."; 
     } 
    } 
    else { 
     echo "1|You must enter your username to register."; 
    } 
    else { 
     echo "2|WHATEVER YOU WANT TO RENDER IN #showRegistrationResults"; 
    }

当点击了按钮它触发继而通过表单提交到register.php

您将在每个通知回声有一个1或2与jQuery管道。 echo "1|You must enter your password to register.php";回声将作为数据返回到jQuery。

然后,jQuery在管道(|)处分割数据。如果result[0] == 1 jQuery触发一个警告,使表单完好无损以进行更正。如果result[0] == 2 jQuery将替换内容#showRegistrationResults包装窗体(它将替换窗体)与通过回声返回的数据。

回顾register.php的回声。前两个将该表格替换为处理过程中发生的错误。所有其他返回警报消息。

您可以根据需要切换这些。

提高您的密码安全

可以提高用下面的代码您的密码安全:

$hash_key = trim(file_get_contents('PATH-TO/key.dat')); 
$password = hash_hmac('sha512', $getpass, $hash_key);

key.dat只包含一个键:例如:72093OT7Yw6g0925T9Ly07G6y7WhI2v5

希望这有助于

皮特

来源

2015-06-25 12:12:10 petebolduc

+2

“提供的代码在无数网站“。如果这是真的,那么你有许多网站都容易受到SQL注入。 – Dave

+0

@Dave请解释代码的漏洞方面。我当然不想共享和/或运行易受攻击的代码。我在自我教育和理论领域缺乏。我遵守本网站上的答案的工作代码。 – petebolduc

+1

不应使用mysql_query,因为它已被弃用(http://php.net/manual/en/function.mysql-query.php)。切换到mysqli_query。此外,您的输入(来自表单数据)在SQL中使用之前未经过清理。 (并且不要依赖于客户端的安全性,因为客户端可以绕过服务器端。您还应该切换到使用参数化查询以获得额外保护。 – Dave

相关问题

 相关问题