我们有一个内容管理系统,用于在我们的网站上创建和更新活动。 CMS将数据存储到MySQL表中或从中获取数据。
要求是使用正在更新或创建任何事件的username / emailid来跟踪用户。
我的观念非常明确,所有归功于C5m7b4 和他对我last post的回答。
但作为一名新手,我无法将他的建议实施到我的CMS中。我请求大家指导我走正确的道路。
这是我的登录文件
session_start();
ob_start();
include "functions/dbc_login.php";
if(isset($_POST["page"]) && !empty($_POST["page"]))
{
//Sign-up Page Starts here
if($_POST["page"] == "users_registration")
{
$firstname = trim(strip_tags($_POST['firstname']));
$lastname = trim(strip_tags($_POST['lastname']));
$user_email = trim(strip_tags($_POST['email']));
$user_password = trim(strip_tags($_POST['passwd']));
$encrypted_md5_password = md5($user_password);
$check_for_duplicates = mysql_query("select * from `user_login` where `email` = '".mysql_real_escape_string($user_email)."'");
if($firstname == "" || $lastname == "" || $user_email == "" || $user_password == "")
{
echo '<br><div class="info">Sorry, all fields are required to create a new account. Thanks.</div><br>';
}
elseif(!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $user_email))
{
echo '<br><div class="info">Sorry, Your email address is invalid, please enter a valid email address to proceed. Thanks.</div><br>';
}
else if(mysql_num_rows($check_for_duplicates) > 0)
{
echo '<br><div class="info">Sorry, your email address already exist in our database and duplicate email addresses are not allowed for security reasons.<br>Please enter a different email address to proceed or login with your existing account. Thanks.</div><br>';
}
else
{
if(mysql_query("INSERT INTO user_login(id, firstname, lastname, email, password, active) VALUES('', '".mysql_real_escape_string($firstname)."', '".mysql_real_escape_string($lastname)."', '".mysql_real_escape_string($user_email)."', '".mysql_real_escape_string($encrypted_md5_password)."', '1')"))
{
$_SESSION["VALID_USER_ID"] = $user_email;
$_SESSION["USER_FULLNAME"] = strip_tags($firstname.' '.$lastname);
$_SESSION["ACCOUNT_NAME"] = $name;
$_SESSION["ACC_ADMIN"] = "";
//echo 'index.php?uid='.$_SESSION["USER_FULLNAME"].'&name='.$_SESSION["ACCOUNT_NAME"].'&';
echo 'index.php?uid='.$_SESSION["USER_FULLNAME"].'&';
echo 'registered_successfully=yes';
}
else
{
echo '<br><div class="info">Sorry, your account could not be created at the moment. Please try again or contact the site admin to report this error if the problem persist. Thanks.</div><br>';
}
}
}
//Sign-up Page Ends here
//Login Page Starts here
elseif($_POST["page"] == "users_login")
{
$user_email = trim(strip_tags($_POST['email']));
$user_password = trim(strip_tags($_POST['passwd']));
$encrypted_md5_password = md5($user_password);
$validate_user_information = mysql_query("select * from user_login where email = '".mysql_real_escape_string($user_email)."' and `password` = '".mysql_real_escape_string($encrypted_md5_password)."' and active=\"1\"");
if(mysql_num_rows($validate_user_information) == 1)
{
$get_user_information = mysql_fetch_array($validate_user_information);
$_SESSION["VALID_USER_ID"] = $user_email;
$_SESSION["USER_FULLNAME"] = strip_tags($get_user_information["firstname"].' '.$get_user_information["lastname"]);
$_SESSION["ACCOUNT_NAME"] = strip_tags($get_user_information["account"]);
$_SESSION["ACC_ADMIN"] = strip_tags($get_user_information["accadmin"]);
echo 'index.php?uid='.$_SESSION["USER_FULLNAME"].'&';
echo 'login_process_completed_successfully=yes';
}
else
{
echo '<br><div class="info">Sorry, you have provided incorrect information. Please enter correct user information to proceed. Thanks.</div><br>';
}
}
//Login Page Ends here
}
谢谢!