几个月前我为我的项目建立了一个注册功能,它一直工作到昨天,我不太确定发生了什么,因为我好几周都没有用它改变任何东西,我上次检查的时候它正在工作。我自己试图调试它,但我发现它没有任何问题,我不知道还能做什么!
代码分为多个页面,但基本上,这是正在发生的事情:
HTML构建
<?php require_once("clean.php"); ?>
<ul class="nav pull-right"><?php
if (isset($_SESSION['logged'])) {?>
<li><a href="profile.php">Profile</a></li>
<li><a href="logout.php">Logout</a></li><?php
} else {?>
<li><a href="#register" class="account-register" data-toggle="modal" title="Register a new Screening account">Register</a></li>
<li><a href="#login" class="account-login" data-toggle="modal" title="Login to your Screening profile">Login</a></li><?php
}?>
</ul>
<div id="register" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="registerLabel" aria-hidden="true">
<?php require_once("register-controller.php"); ?>
<!-- reCAPTCHA jQuery -->
<script type="text/javascript">
var RecaptchaOptions = {
theme : 'white'
};
</script>
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="registerLabel" class="modal-title">Register a new Screening account</h3>
</div>
<form name="register" action="" method='POST' enctype="multipart/form-data">
<div class="modal-body">
<?php echo $register_bad_message; ?>
<?php echo $register_good_message; ?>
<input class="input-block-level" type="text" name="firstname" placeholder="First Name">
<input class="input-block-level" type="text" name="lastname" placeholder="Last Name">
<input class="input-block-level" type="email" name="email" placeholder="Email">
<input type="file" class="profile-picture-upload" name="profile-image" alt="profile-image">
<input class="input-block-level" type="password" name="password" placeholder="Password">
<input class="input-block-level" type="password" name="confirm-password" class="span3" placeholder="Confirm Password">
<?php include ("recaptcha_form.php") ?>
</div>
<div class="modal-footer">
<button type="button" class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
<button type="submit" class="btn btn-success" name="submit" value="Sign up!">Sign up!</button>
</div>
</form>
</div>
Clean.php
<?php
/*
ini_set('display_errors', 1);
error_reporting(E_ALL);
*/
function clean_string($string) {
$string = trim($string);
$string = utf8_decode($string);
$string = str_replace("#", "#", $string); $string = str_replace("%", "%", $string);
if (mysql_real_escape_string($string)) {
$string = mysql_real_escape_string($string);
}
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return htmlentities($string);
}
?>
寄存器Controller.php这样
<?php
/*
ini_set('display_errors', 1);
error_reporting(E_ALL);
*/
class SimpleImage {
var $image;
var $image_type;
function load($filename) {
$image_info = getimagesize($filename);
$this->image_type = $image_info[2];
if( $this->image_type == IMAGETYPE_JPEG ) {
$this->image = imagecreatefromjpeg($filename);
} elseif( $this->image_type == IMAGETYPE_PNG ) {
$this->image = imagecreatefrompng($filename);
}
}
function save($filename, $image_type=IMAGETYPE_JPEG, $compression=75, $permissions=null) {
if( $image_type == IMAGETYPE_JPEG ) {
imagejpeg($this->image,$filename,$compression);
} elseif( $image_type == IMAGETYPE_PNG ) {
imagepng($this->image,$filename);
}
if( $permissions != null) {
chmod($filename,$permissions);
}
}
function output($image_type=IMAGETYPE_JPEG) {
if( $image_type == IMAGETYPE_JPEG ) {
imagejpeg($this->image);
} elseif( $image_type == IMAGETYPE_PNG ) {
imagepng($this->image);
}
}
function getWidth() {
return imagesx($this->image);
}
function getHeight() {
return imagesy($this->image);
}
function resizeToHeight($height) {
$ratio = $height / $this->getHeight();
$width = $this->getWidth() * $ratio;
$this->resize($width,$height);
}
function resizeToWidth($width) {
$ratio = $width / $this->getWidth();
$height = $this->getheight() * $ratio;
$this->resize($width,$height);
}
function scale($scale) {
$width = $this->getWidth() * $scale/100;
$height = $this->getheight() * $scale/100;
$this->resize($width,$height);
}
function resize($width,$height) {
$new_image = imagecreatetruecolor($width, $height);
if( $this->image_type == IMAGETYPE_GIF || $this->image_type == IMAGETYPE_PNG ) {
$current_transparent = imagecolortransparent($this->image);
if($current_transparent != -1) {
$transparent_color = imagecolorsforindex($this->image, $current_transparent);
$current_transparent = imagecolorallocate($new_image, $transparent_color['red'], $transparent_color['green'], $transparent_color['blue']);
imagefill($new_image, 0, 0, $current_transparent);
imagecolortransparent($new_image, $current_transparent);
} elseif( $this->image_type == IMAGETYPE_PNG) {
imagealphablending($new_image, false);
$color = imagecolorallocatealpha($new_image, 0, 0, 0, 127);
imagefill($new_image, 0, 0, $color);
imagesavealpha($new_image, true);
}
}
imagecopyresampled($new_image, $this->image, 0, 0, 0, 0, $width, $height, $this->getWidth(), $this->getHeight());
$this->image = $new_image;
}
}
//Clean
echo "before clean";
$submit = clean_string($_POST['submit']);
echo "after clean";
if ($submit == 'Sign up!') {
$first_name = clean_string($_POST['first-name']);
$last_name = clean_string($_POST['last-name']);
$email = clean_string($_POST['email']);
$password = clean_string($_POST['password']);
$confirm_password = clean_string($_POST['confirm-password']);
//Output variables
$register_bad_message = '';
$register_good_message = '';
require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php');
$privatekey = "6Ldbd8ASAAAAAFz8VT29H5w4WLNjsbI-mFY2QkaC";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$errMessage = $resp->error;
$register_bad_message = '<div class="alert alert-error">The reCAPTCHA you entered wasn\'t correct. Please try again.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
if ($first_name&&$last_name&&$email&&$password&&$confirm_password) {
if ($password == $confirm_password) {
if (strlen($password) > 25 || strlen($password) < 6) {
$register_bad_message = '<div class="alert alert-error">Please enter a password between 6 and 25 characters.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
require_once("db_connect.php");
if($db_server) {
$first_name = clean_string($first_name);
$last_name = clean_string($last_name);
$email = clean_string($email);
$password = clean_string($password);
echo "1";
mysql_select_db($db_database);
$taken = mysql_query("SELECT email FROM users WHERE email='$email'");
$count = mysql_num_rows($taken);
if ($count > 0) {
$register_bad_message = '<div class="alert alert-error">The email you have entered is already associated with a Screening account. Please choose another.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
if ($_FILES) {
//Put file properties into variables
$file_name = $_FILES['profile-image']['name'];
$file_size = $_FILES['profile-image']['size'];
$file_tmp_name = $_FILES['profile-image']['tmp_name'];
//Determine filetype
switch ($_FILES['profile-image']['type']) {
case 'image/jpeg': $ext = "jpg"; break;
case 'image/png': $ext = "png"; break;
default: $ext = ''; break;
}
if ($ext) {
//Check filesize
if ($file_size < 5242880) {
//Process file - resize, clean up filename and move to safe location
$image = new SimpleImage();
$image->load($file_tmp_name);
$image->resizeToWidth(250);
$image->save($file_tmp_name);
$n = "$file_name";
$n = ereg_replace("[^A-Za-z0-9.]", "", $n);
$n = strtolower($n);
$n = "avatars/$n";
move_uploaded_file($file_tmp_name, $n);
} else {
$register_bad_message = '<div class="alert alert-error">Please ensure your chosen file is less than 5MB.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else {
$register_bad_message = '<div class="alert alert-error">Please ensure your image is of filetype .jpg or.png.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
}
$password = md5($password);
$query = "INSERT INTO users (first_name, last_name, email, password, image) VALUES ('$first_name', '$last_name', '$email', '$password', '$n')";
mysql_query($query) or die("Insert failed. " . mysql_error() . "<br />" . $query);
$register_good_message = '<div class="alert alert-success">Registration successful!
<br />
<a href='#login' data-toggle='modal' title='Login to your Screening profile'>Login now</a></div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else {
$register_bad_message = '<div class="alert alert-error">Error: could not connect to the database.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
require_once("db_close.php");
}
} else {
$register_bad_message = '<div class="alert alert-error">Passwords failed to match. Please try again.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else {
$register_bad_message = '<div class="alert alert-error">Please fill in all fields before continuing.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
}
}
?>
如果我打开错误报告,我收到的消息是:
清理之前警告:mysql_real_escape_string():在\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean中拒绝用户''@ localhost'(使用密码:NO)的访问权限第11行的.php警告:mysql_real_escape_string():无法在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中建立到服务器的链接注意:未定义的索引:第100行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ register-controller.php中的名字警告:mysql_real_escape_string():用户''访问被拒绝位于第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中的@'localhost'(使用密码:NO)警告:mysql_real_escape_string():指向服务器的链接不能在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中建立注意:未定义的索引:\ ICS-FILESHARE \ WWW \ newmedia.leeds中的姓氏.ac.uk \ ug10 \ cs10aer \ screening_new \ REG第101行的ister-controller.php警告:mysql_real_escape_string():在\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \中拒绝用户''@ localhost'(使用密码:NO)的访问权限第11行的screening_new \ clean.php警告:mysql_real_escape_string():无法在\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中建立到服务器的链接11警告:mysql_real_escape_string():在\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php上的用户''@ localhost'(使用密码:NO)拒绝访问11警告:mysql_real_escape_string():无法在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中建立到服务器的链接警告:mysql_real_escape_string():在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中,用户''@ localhost'(使用密码:NO)拒绝访问警告:mysql_real_escape_string():指向服务器的链接无法在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中建立警告:mysql_real_escape_string():用户''@ localhost'拒绝访问(使用密码:NO)在第11行的\ ICS-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php中警告:mysql_real_escape_string():无法在\ ICS中建立到服务器的链接第11行的-FILESHARE \ WWW \ newmedia.leeds.ac.uk \ ug10 \ cs10aer \ screening_new \ clean.php
但我检查了我的数据库连接,一切似乎都没问题 - 网站上的其他功能,例如登录和添加,删除和修改数据库详细信息都完美无缺,并且它们使用相同的数据库连接脚本,所以它是只是这个注册功能突然坏了,原因我无法理解。
答案 0 :(得分:3)
在调用mysql_real_escape_string之前,您必须连接到数据库。当代码到达此点时,尚未建立连接:
//Clean
echo "before clean";
$submit = clean_string($_POST['submit']);
echo "after clean";
或者,您可以使用非安全mysql_escape_string功能。 mysql_real_escape_string需要数据库连接,因为它需要知道连接的字符编码。
答案 1 :(得分:1)
更好的是,不要使用php mysql函数和即将被弃用的mysql_real_esape_string(),而是使用更新更安全的PDO。