被发送到网站的不同部分

时间:2013-11-09 20:59:28

标签: php forms pdo hyperlink fetch

我正在为我的网站制作一个注册表。

<?php
  include('config.php');

  if(isset($_SESSION['username'])) {
    header('Location:index.php');
  }

  if(isset($_POST['submit-registerform'])) {
    Register();
  }

  function Register() {
    if(!empty($_POST['username']) &&
       !empty($_POST['password']) &&
       !empty($_POST['lastname']) &&
       !empty($_POST['email'])) {
         // Database Connection:
         require('config.php');
         $MyConnection = new PDO('mysql:host=x;dbname=x', $dbusername, $dbpassword);
         $MyConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

         // Information from user:
         $username = htmlspecialchars($_POST['username']);
         $password = htmlspecialchars($_POST['password']);
         $lastname = htmlspecialchars($_POST['lastname']);
         $email = htmlspecialchars($_POST['email']);

         // Hashing the password:
         $cost = 10;
         $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
         $salt = sprintf("$2a$%02d$", $cost) . $salt;
         $hash = crypt($password, $salt);

         // Check if username already exists in the database:
         $findUser = $MyConnection->prepare("SELECT Username FROM Users WHERE Username = :username OR Email = :email");
         $findUser->bindParam(':username', $username);
         $findUser->bindParam(':email', $email);
         $findUser->execute();

         $foundUser = $findUser->fetch(PDO::FETCH_OBJ);

         if($username == $foundUser->Username) {
           echo '
             <div id="pop-up">
             This username is already in use. Please choose another one.
             </div>
             ';
         }
         elseif($email == $foundUser->Email) {
           echo '
             <div id="pop-up">
             This email address is already in use. Please sign up with a different one. <br />
             If this is impossible, please <a href="contact.php">contact us</a>.
             </div>
             ';
         }
         else {
           // Store information into the database:
           $sql = $MyConnection->prepare("INSERT INTO Users (Username, Password, Lastname, Email) 
             VALUES (:username, :password, :lastname, :email");
           $sql->bindParam(':username', $username);
           $sql->bindParam(':password', $hash);
           $sql->bindParam(':lastname', $lastname);
           $sql->bindParam(':email', $email);

           if($sql->execute()) {
             echo '
               <div id="pop-up">
               Your account has succesfully been registered. You can start using it right away, by clicking
               <a href="login.php">here</a>.
               </div>
               ';
         }
       }
  }
}
?>

当我在表单中填写信息,并且我已经使用了存储在我的数据库中的用户名时,我会得到正确的弹出窗口,显示该用户名已在使用中。 但是当我填写不同的信息(有或没有相同的电子邮件地址)时,我会被发送到另一个不存在的网页,所以我的主机接管并显示他们的错误屏幕。

有人知道为什么它会将网页的访问者发送到另一个页面(不存在)吗?

提前致谢!

1 个答案:

答案 0 :(得分:2)

$findUser = $MyConnection->prepare("SELECT Username FROM Users 
WHERE Username = :username OR Email = :email");

您正在检查:

$email == $foundUser->Email

但您从未从$findUser声明中选择它。

相关问题
最新问题