1. 首页
  2. 问答
  3. 密码验证将不允许在php中的空格

密码验证将不允许在php中的空格

2017-09-26 39 views
-1

我在我的应用程序中有一个密码字段。我使用了欧芹验证。但是,除了必填字段之外,我没有给出任何验证。所以它允许所有角色。但是,我想清理密码并且不允许用户添加空格。如果他们尝试了,则应该显示一条错误消息。密码字段应至少包含1个数字。密码验证将不允许在php中的空格

这里是我的代码:

<?php 
require('../config.php'); 
if(!isset($_SESSION['can_access']) || $_SESSION['can_access'] !== true) 
    header('Location: login.php'); 
ob_start(); 
global $DB, $USER; 
$id=$USER->id; 
$clientid=$_GET['id']; 

$errorMessage = ''; 
$successMessage = ''; 
if(isset($_SESSION['successMessage'])) 
    { 
     $successMessage = $_SESSION['successMessage']; 
     unset($_SESSION['successMessage']); 
    } 
if(isset($_POST['register'])) { 
    $errors = array(); 
    $data = array(); 
    $chk_sql = "SELECT * FROM {user} u where username = ?"; 
    if (!empty($chk_sql)) { 
     $errorMessage='Username already taken'; 
    } 
    if(!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username']))) 
     { 
      $insert_record = new stdClass(); 
      $insert_record->username = $_POST['username']; 
      $insert_record->firstname = $_POST['firstname']; 
      $insert_record->email = $_POST['email']; 
      $insert_record->password = password_hash($_POST['password'], PASSWORD_DEFAULT); 
      $insert_record->mnethostid = 1; 
      $insert_record->confirmed = 1; 
      $insert_record->idnumber = 2;  
      $insert_record->maildisplay = $clientid; 
      //$insert_record->timecreated = date('Y-m-d'); 
      if($result = $DB->insert_record('user', $insert_record)) 
       { 
        $_SESSION['successMessage'] = "record created successfully"; 
        header('Location: clients.php'); 

       } 
     } 
} 
?>

这里是我的密码键:

<div class="form-group has-feedback"> 
<input id="signupInputPassword" type="password" name="password" placeholder="Password" autocomplete="off" required class="form-control" > 
<span class="fa fa-lock form-control-feedback text-muted"></span> 
</div>

谁能帮助我?

在此先感谢。

来源

2017-09-26 user200

+0

在那里我必须添加这一行 – user200

+2

为什么你不想让空格?我强烈建议阅读有关良好安全实践的主题,例如[OWASP的身份验证备忘单](https://www.owasp.org/index.php/Authentication_Cheat_Sheet) – DaveyDaveDave

+0

是的......但是当我告诉同样的问题时事情给我的经理..他告诉不,我们不允许他告诉这样的空间..thats'y .. – user200

回答

2 
if (isset($_POST['register'])) { 

$password = $_POST['password']; 

if (preg_match('/\s/', $password)) { 

    echo "password has whitespace"; 

} else { 

    if (strlen($password) <= '8') { 
     echo "Your Password Must Contain At Least 8 Characters!"; 
    } elseif (!preg_match("#[0-9]+#", $password)) { 
     echo "Your Password Must Contain At Least 1 Number!"; 
    } elseif (!preg_match("#[A-Z]+#", $password)) { 
     echo "Your Password Must Contain At Least 1 Capital Letter!"; 
    } elseif (!preg_match("#[a-z]+#", $password)) { 
     echo "Your Password Must Contain At Least 1 Lowercase Letter!"; 
    } 

    $errors = array(); 
    $data = array(); 
    $chk_sql = "SELECT * FROM {user} u where username = ?"; 
    if (!empty($chk_sql)) { 
     $errorMessage = 'Username already taken'; 
    } 
    if (!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username']))) { 
     $insert_record    = new stdClass(); 
     $insert_record->username = $_POST['username']; 
     $insert_record->firstname = $_POST['firstname']; 
     $insert_record->email  = $_POST['email']; 
     $insert_record->password = password_hash($_POST['password'], PASSWORD_DEFAULT); 
     $insert_record->mnethostid = 1; 
     $insert_record->confirmed = 1; 
     $insert_record->idnumber = 2; 
     $insert_record->maildisplay = $clientid; 
     //$insert_record->timecreated = date('Y-m-d'); 
     if ($result = $DB->insert_record('user', $insert_record)) { 
      $_SESSION['successMessage'] = "record created successfully"; 
      header('Location: clients.php'); 

     } 
    } 
} 

}

来源

2017-09-26 08:40:16

+0

行..如果我想添加一个特殊的数字和一个特殊的字符必须如何添加。像错误信息一样,如果他们没有添加数字和特殊字符,它必须抛出错误 – user200

+0

好吧。我正在编辑这个答案,用一些密码验证检查它。 –

+0

和我需要字数限制只有20 – user200

相关问题

 相关问题