注册和登录表格

时间:2013-03-13 12:46:59

标签: php mysql

我已经创建了通过电子邮件发送链接的注册表单,您必须单击它才能成功注册,这使您必须登录。问题是我无法登录,而一切其他工作正常。下面你会找到我的register.php,activation.php和login.php。任何帮助都会很棒。

action = register.php 

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

动作=激活

if ($_GET['action'] == 'invitation') {

    if (!empty($_GET['key'])){
        //thelw na eleksw an afto to key uparxei sto tabale members
        $sql = "SELECT * FROM members WHERE activationCode = '".$_GET['key']."'";
        $result=mysql_query($sql,$lnk);
        $user=  mysql_fetch_assoc($result);

        if(!empty($user)){
            //edw tha energopoiisw ton xristi
            $sql = "UPDATE members SET flag=1 WHERE username = '".$user['username']."'";
            mysql_query($sql,$lnk); 
        }else{
            echo "this is WRONG";
        }
    }else{
        echo 'No key';
    }

}

action = login 

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = $_POST['password'];
            $password = md5(uniqid(rand(),true));
        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

3 个答案:

答案 0 :(得分:1)

密码错误。

使用下面的代码

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = md5($_POST['password']);

}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

和登录

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = md5($_POST['password']);

        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

答案 1 :(得分:0)

我猜这个错误在这里:

action = login 

if (empty($_POST['password'])) {
    $error[] = 'Please Enter Your Password ';
} else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true)); // HERE
}

您刚刚将密码更改为完全随机的密码,然后您尝试在数据库中查找密码...

答案 2 :(得分:0)

编程的关键是理解你在做什么,并知道确定错误的方法。这完全是解决问题的方法。正如您在代码中看到的那样:(action = login)

else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}

您每次都会生成一个随机密码,而不是对提供的密码进行哈希处理。然后,您继续检查用户是否存在。你需要像注册方法一样:

$password = md5($_POST['password']);

您遇到的另一个问题是查询有效用户。您的flag字段是int,但您将其视为字符串。

AND flag = '1' ";

需要

AND flag = 1 ";

注意:不要使用MySQL_ *,因为自PHP 5.5起已弃用它。使用MySQLi_ *或PDO。你也可以大范围注射SQL,小心。

相关问题
最新问题