[英]My PHP Registration form wont work
我正在嘗試創建注冊表單,並在表單上傳遞mysqli_real_escape_string
和salt
。 但是由於某種原因,我的代碼無法繼續執行。 即使我在表格上輸入正確的信息,也不會僅僅正確地處理它。 基本上,我創建了一個函數來進行驗證。
這是我的代碼:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($_POST); //use the ACTUAL POST
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($_POST);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user(){ //just a parameter called post
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $post['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
$query = "INSERT INTO users(first_name, last_name, password, email, created_at, updated_at)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = run_mysql_query($query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($post){ //just a parameter called post
$query = "SELECT * FROM users WHERE users.password = '{$post['password']}'
AND users.email = '{$post['email']}'";
$user = fetch($query); //go and grab all users on above condition
if(count($user) > 0){
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
}
?>
任何想法出了什么問題嗎???
注意:即使輸入的數據正確,它也不會插入記錄及其在$ _SESSION上給出的錯誤。
這是什么錯誤? 如果您有白頁,請在頁面頂部插入:
error_reporting (E_ALL);
ini_set('display_errors',1);
請檢查以下內容:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($firstname, $last_name, $email, $password, $salt, $encrypted_password); //use the ACTUAL POST // Cant only use post because isn't escaped
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($email, $password);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user($firstname, $last_name, $email, $password, $salt, $encrypted_password){ // Pass all escaped variables here becasue the $_POST isn't escaped
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $post['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
// Add backticks around column and table names to prevent mysql reserved words error
$query = "INSERT INTO `users` (`first_name`, `last_name`, `password`, `email`, `created_at`, `updated_at`)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = mysqli_query($connection, $query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($email, $password){ //just a parameter called post
// No need to add table name
$query = "SELECT * FROM `users` WHERE `password` = '$password'
AND `email` = '$email'";
$result = mysqli_query($connection, $query);
if(mysqli_num_rows($result) >= 1) {
$user = mysqli_fetch_assoc($result); //go and grab all users on above condition
// Check if there was atleast 1 user with the specified credentials
if(count($user) >= 1){
$_SESSION['user_id'] = $user['id'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
} else {
echo 'no user was found';
}
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.