AJAX
Sofia Platonova, 2021-05-15 19:33:23

Login verification is not performed. Where is the mistake?

Validation must be done on the user's side. When the focus is changed from the data entry field, the entered data should be validated and a warning about incorrectness should appear next to the field. If the login is entered incorrectly, nothing happens, and the data is quietly sent to the database. Regular expressions are written correctly.

registration.php

<div name="blockForm" class="form" id="reg">
            <form name="regForm" action="registrationCheck.php" method="post">
                <input type="text" name="login" class="reg_form" id="login" onblur="responseLog();" placeholder="Логин" required /><br />
                    <span id="errorLog" style="display: none">Логин введён некорректно! Логин должен начинаться со строчной или прописной буквы, он может содержать цифры или символы (._-\)</span>
                <input type="submit" name="save" class="reg_form" id="save_reg" onclick="resetRegForm()" value="Сохранить" />
            </form>
</div>

registration.js
$(document).ready(function () {
    function responseLog() {
        $.ajax({
            type: "POST",
            url: "checkReg.php",
            data: { action: 'login', user: $("#login").val() },
            cache: false,
            success: function (response) {
                if (response == 'true') {
                    $("#errorLog").css("display", "block");
                    $("#errorLog").css("color", "red");
                } else {
                    $("#login").css("background", "green");
                };
            }
        });
    };
    function resetRegForm() {
        $("#errorLog").css("display", "none");
    };
});

checkReg.php
<?php
    $action = $_POST['action'];
    $mysql = new mysqli ("localhost", "root", "", "yoursmilebase");
    if ($action == "login") {
            $row = $mysql->query("SELECT `login` FROM `users` WHERE `login` = '$action'");
            if ($row) {
                echo "true";
            } else if (!preg_match("/^[a-zA-Z][a-zA-Z\d._-\\]{5,15}/", $action) || preg_match("/^(admin)/", $action)) {
                echo "true";
            } else {
                echo "false";
            };
     }
    $mysql->close;
?>

2 answer(s)
Rsa97, 2021-05-15
@Rsa97

mysqli::query
Returns false on failure. If the SELECT, SHOW, DESCRIBE, or EXPLAIN queries succeed, mysqli_query() will return a mysqli_result object.

Accordingly, a mysqli_result object is returned (a result of zero rows is also a correct result, and the object will be returned); in the line if ($row) it is cast to true, the condition is met, and "true" is returned to the client.
In general, the logic is extremely strange. First you try to find the login in the database, and then you check it with a regex. The opposite is logical, at least in terms of runtime.
Well, train yourself to use prepared statements with placeholders; this is the best defense against SQL injection.
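
A version of checkReg.php in the order the answer above suggests (format check first, then a lookup through a prepared statement), as an added example that is not code from the thread. The helper names loginFormatOk and loginTaken and the database credentials are assumptions; the table, column, length limits and the 'true'/'false' response strings are taken from the question.

```php
<?php
// Added example, not the asker's code. Assumes the `users` table and `login`
// column from the question; the credentials below are placeholders.
declare(strict_types=1);

// Make mysqli throw on errors instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Format check: one letter, then 5-15 letters, digits or . _ - \ */
function loginFormatOk(string $login): bool
{
    // Single quotes keep the backslashes intact; \z anchors the end so trailing
    // characters are rejected. '-' is last in the class, so it is literal.
    return preg_match('/^[A-Za-z][A-Za-z\d._\\\\-]{5,15}\z/', $login) === 1
        && strncmp($login, 'admin', 5) !== 0;   // reserved prefix, as in the question
}

/** True when a row with this login already exists. */
function loginTaken(mysqli $db, string $login): bool
{
    // The value is bound separately from the SQL text, so it cannot alter the query.
    $stmt = $db->prepare('SELECT 1 FROM `users` WHERE `login` = ? LIMIT 1');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;   // zero rows is a successful query, not a match
    $stmt->close();
    return $taken;
}

if (($_POST['action'] ?? '') === 'login') {
    $login = $_POST['user'] ?? '';   // the field the AJAX call sends, not 'action'
    if (!is_string($login) || !loginFormatOk($login)) {
        echo 'true';                 // question's protocol: 'true' means reject
        exit;
    }
    $db = new mysqli('localhost', 'db_user', 'db_password', 'yoursmilebase');
    echo loginTaken($db, $login) ? 'true' : 'false';
    $db->close();
}
```

The blur-time check is only a hint for the user: the form handler registrationCheck.php has to repeat the same validation, because the POST can be submitted without the script running.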

Diamond Studio, 2021-05-15
@DiamondStudio

The AJAX request is sent to checkRegLog.php, while the verification code itself is in checkReg.php.
