我有这段 html 代码:
<form action="register.php" method="post">
Email: <input type="text" name="email" /><br />
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="p" id="password" /><br />
<input type="button" value="Register" onclick="formhash(this.form, this.form.password);" />
</form>
按下注册按钮后,将调用加密并立即加密密码。我认为这将是一种非常好的和安全的方法,但是我似乎无法检查名为“p”的 passworld 字段是否为空,因为如果用户在注册时将该字段留空,则加密会加密空字段,因此它不再是空的。我需要一种方法来检查用户是否将“p”字段留空,因为不可能使用 0 个字符创建密码。
我知道这个问题可以通过 javascript 解决,但是我需要一种安全的方法来检查该字段是否为空,因此我想获得一个 PHP 解决方案。
register.php:
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>
<?php
include 'db_connect.php';
//Just to check that the p field is encrypted already at this point.
echo $_POST['p'];
// The username
$username = $_POST['username'];
// The email
$email = $_POST['email'];
// The hashed password from the form
$password = $_POST['p'];
// Create a random salt
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Create salted password (Careful not to over season)
$password = hash('sha512', $password.$random_salt);
// Add your insert to database script here.
// Make sure you use prepared statements!
if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
$insert_stmt->execute();
}
?>