堆栈内存溢出
  繁体   English   中英

注册和登录表格

[英]Registration and Log in form

 原文  2013-03-13 12:46:59       php/ mysql

问题描述

我已经创建了注册表单,该表单通过电子邮件发送链接,您必须单击该链接才能成功注册,这使您必须登录。问题是我无法登录,而其他一切正常精细。 在下面,您将找到我的register.php,activation.php和login.php。 任何帮助都会很棒。

行动= register.php 

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

行动=激活 

if ($_GET['action'] == 'invitation') {

    if (!empty($_GET['key'])){
        //thelw na eleksw an afto to key uparxei sto tabale members
        $sql = "SELECT * FROM members WHERE activationCode = '".$_GET['key']."'";
        $result=mysql_query($sql,$lnk);
        $user=  mysql_fetch_assoc($result);

        if(!empty($user)){
            //edw tha energopoiisw ton xristi
            $sql = "UPDATE members SET flag=1 WHERE username = '".$user['username']."'";
            mysql_query($sql,$lnk); 
        }else{
            echo "this is WRONG";
        }
    }else{
        echo 'No key';
    }

}

动作=登录 

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = $_POST['password'];
            $password = md5(uniqid(rand(),true));
        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

3 个解决方案

解决方案1
 1 已采纳  2013-03-13 12:54:13

您输入的密码有误。

使用以下代码 

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = md5($_POST['password']);

}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

并登录 

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = md5($_POST['password']);

        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

解决方案2
 0  2013-03-13 12:54:44

我猜错误在这里:

动作=登录 

if (empty($_POST['password'])) {
    $error[] = 'Please Enter Your Password ';
} else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true)); // HERE
}

您刚刚将密码更改为完全随机的密码,然后尝试在数据库中查找密码...

解决方案3
 0  2013-03-13 12:56:39

编程的关键是了解您在做什么以及知道确定错误所在的方法。 这完全是解决问题的方法。 如您在代码中看到的:(操作=登录) 

else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}

您每次都生成一个随机密码,而不是对提供的密码进行哈希处理。 然后,您继续检查该用户是否存在。 您需要使其像您的注册方法一样: 

$password = md5($_POST['password']);

您遇到的另一个问题是在查询中检查有效用户。 您的flag字段是一个int但是您将其视为字符串。 

AND flag = '1' ";

需要是 

AND flag = 1 ";

注意 :请勿使用MySQL_ *,因为自PHP 5.5起已弃用MySQL_ *。 使用MySQLi_ *或PDO。 您还可以进行SQL注入,请小心。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 登录和注册表格密码 验证注册表单中的数据后,重定向到另一个页面进行登录 Drupal 8 自定义注册表单 WordPress中的自定义注册表格 在laravel 5中自定义注册表格 在注册表单中检查用户名 报名表(验证邮件) 登录表格和注册PHP 注册表中的验证码 Symfony 2注册表
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM