我有一个基本的注册系统。代码如下。它无法注册用户。 connect.php站点工作...如果我手动将信息添加到数据库,登录部分可以工作。我继续收到一条错误消息,我设置如下:“发生错误。您的帐户未创建。”
<?php
if ( $_POST['registerbtn'] ){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];
if ($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ( $getpass === $getretypepass ){
if( (strlen($getemail) >= 7) && (strstr($getemail,"@")) && (strstr($getemail,".")) ){
require("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$password = md5(md5("18sde#@!".$password."@1kwe#28"));
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
$site = "http://localhost/test";
$webmaster = "activation@test.com";
$headers = "From: $webmaster";
$subject = "Activate your account";
$message = "Thanks for registering. Click the link below to active your account.";
$message .= "$site/activate.php?user=$getuser&code=$code";
$message .= "You must activate your account to login.";
if ( mail($getemail, $subject, $message, $headers) ){
$errormsg = "You have been registered. You must activate your account using your email $getemail";
$getusr = "";
$getemail = "";
}
else
$errormsg = "An error has occurred. Your activation email was not sent.";
}
else
$errormsg = "An error has occurred. Your account was not created.";
}
else
$errormsg ="There is already a email with that email.";
}
else
$errormsg ="There is already a user with that username.";
mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errormsg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}
$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value'$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value'$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value'' /></td>
</tr>
<tr>
<td>Retype Password:</td>
<td><input type='password' name='retypepass' value'' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value'Register' /></td>
</tr>
</table>
</form>";
echo $form;
?>
答案 0 :(得分:1)
您正在INSERT进行user -
mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");
----
但在SELECT
users
$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
-----
因此,您的INSERT永远不会插入一行供您稍后选择。
注意:您对SQL Injection持开放态度。至少要清理您的$_POST数据。或者转到mysqli_或PDO并使用准备好的陈述。
答案 1 :(得分:0)
不是解决方案,而是让您的代码更简单,更好的一些解决方法:
请勿使用mysql_个函数,请使用mysqli或PDO。不推荐使用mysql_。
不要单独验证输入(添加了许多必要条件和嵌套)。这样的事情比较简单:
$ createUser = true;
if(!$ getuser){$ errorMsg ='Your error msg'; $ createUser = false; } if(!$ getemail){$ errorMsg ='你的错误信息'; $ createUser = false; } if(!$ getpass){$ errorMsg ='你的错误信息'; $ createUser = false; }
if($ createUser){ ...创建用户...... }
使用real_escape_string清理您的输入(查找mysqli和pdo的实现)
最后,添加一些调试。例如,使用INSERT查询和$sql创建echo var,以查看查询是否正确形成。