If statement: MySQL value and form value give an error

Time: 2015-06-03 13:48:07

Tags: php mysql if-statement

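I am trying to create a random string with my function, which can insert the string into my table.

After register.php is submitted, the page activation.php follows. On the activation page the user should enter the generated string, and if it is valid, the page login.php follows.

My problem is that the error "ERROR" is shown on the activation.php page. It looks like the condition between my user input $code and the variable $result does not work. Where is the error?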

<?php require_once './auth.php'; ?>
<?php
//activation.php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name="user2"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// upload picture

// Get values from form 

if (isset($_POST['code'])) {
$code=$_POST['code'];
}

$username = ($_SESSION['user']['username']);

// Insert data into mysql 
$result = mysql_query("SELECT code FROM user2 WHERE username = '$username'");
if (!$result) {
    echo 'Konnte Abfrage nicht ausführen: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($result);


if( $result == $_POST['code']){
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');

//$codedelete = mysqli_query("UPDATE user2 SET code='0' WHERE username = '$username'");
}

else {
echo "ERROR";
}

// close connection 
mysql_close();
?>


<?php
session_start(); // auth.php
session_regenerate_id();

if (empty($_SESSION['login'])) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
    exit;
} else {
    $username = ($_SESSION['user']['username']);
}
?>

    <?php
     //register.php

    $message = array();
    if (!empty($_POST)) {

                if(isset($_POST['f']['country']) )
{
    $country = $_POST['f']['country'];
}

function generateRandomString($length = 8) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $charactersLength = strlen($characters);
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $charactersLength - 1)];
    }
    return $randomString;
}
$randomString = generateRandomString();


        if (
            empty($_POST['f']['username']) ||                       
            empty($_POST['f']['password']) ||
            empty($_POST['f']['password_again']) ||
            empty($_POST['f']['email']) ||
            empty($_POST['f']['firstname']) ||          
            empty($_POST['f']['lastname']) ||
            empty($_POST['f']['phone']) ||
            empty($_POST['f']['town']) ||
            empty($_POST['f']['street']) ||
            empty($_POST['f']['zip']) 
        ) { 

            $message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
        } else if ($_POST['f']['password'] != $_POST['f']['password_again']) {
            $message['error'] = 'Die eingegebenen Passwörter stimmen nicht überein.';
        } else {
            unset($_POST['f']['password_again']);
            $salt = ''; 
            for ($i = 0; $i < 22; $i++) { 
                $salt .= substr('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', mt_rand(0, 63), 1); 
            }
            $_POST['f']['password'] = crypt(
                $_POST['f']['password'],
                '$2a$10$' . $salt
            );

            $mysqli = @new mysqli('localhost', 'root', '', '');
            if ($mysqli->connect_error) {
                $message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
            }
            $query = sprintf(
                "INSERT INTO user2 (username, password, email, firstname, lastname, phone, town, street, zip, country, code)
                SELECT * FROM (SELECT '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') as new_user
                WHERE NOT EXISTS (
                    SELECT username FROM user2 WHERE username = '%s'
                ) LIMIT 1;",
                $mysqli->real_escape_string($_POST['f']['username']),                               
                $mysqli->real_escape_string($_POST['f']['password']),                   
                $mysqli->real_escape_string($_POST['f']['email']),          
                $mysqli->real_escape_string($_POST['f']['firstname']),
                $mysqli->real_escape_string($_POST['f']['lastname']),
                $mysqli->real_escape_string($_POST['f']['phone']),
                $mysqli->real_escape_string($_POST['f']['town']),
                $mysqli->real_escape_string($_POST['f']['street']),
                $mysqli->real_escape_string($_POST['f']['zip']),
                $mysqli->real_escape_string($_POST['f']['country']),
                $mysqli->real_escape_string($randomString),
                $mysqli->real_escape_string($_POST['f']['username'])
            );
            $mysqli->query($query);
            if ($mysqli->affected_rows == 1) {
                $message['success'] = 'Neuer Benutzer (' . htmlspecialchars($_POST['f']['username']) . ') wurde angelegt, <a href="login.php">weiter zur Anmeldung</a>.';
                header('Location: http://' . $_SERVER['HTTP_HOST'] . '//activation.php');

                // $empfaenger = $_POST['f']['email'];
                // $betreff = "Registration";
                // $from = "From: Webmaster <webmaster@somediashout.de>";
                // $text = "Thank you for your registration. Your code is : " + $randomString;

                // mail($empfaenger, $betreff, $text, $from);

                session_start();

                    $_SESSION = array(
                        'login' => true,
                        'user'  => array(
                            'username'  => $row['username']
                        )
                    );

            } else {

            }
            $mysqli->close();
        }
    } 
?>

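1 answer:

Answer 0: (score: 1)

As far as I understand, you are asking why "ERROR" is displayed on activation.php. The "ERROR" is produced by this piece of code, as I'm sure you know: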

if( $result == $_POST['code']){
  header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
} else {
  echo "ERROR";
}

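What you are currently checking is: IF $result (which contains the return value of mysql_query, which will be a resource; see here for more details: PHP mysql_query) is the same as $_POST['code'], which is probably not what you want. I think what you really want to check is: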

if($row[0] == $code){
  header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
}
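
A hardened form of the check the answer describes, as an added example that is not part of the original post: it compares the fetched column value (not the query result handle) with the submitted code, binds the username in a prepared statement, uses a constant-time string comparison, and draws the code from `random_int()` instead of `rand()`. Assumptions: an in-memory SQLite database via PDO stands in for the MySQL table `user2` so the script runs offline, and the function names and sample user are hypothetical.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database (PDO)
// stands in for the MySQL table user2 so the script runs without a server.

// Build the activation code from a CSPRNG (random_int) rather than rand().
function generateActivationCode(int $length = 8): string {
    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $code;
}

// Return true only if $submitted equals the code stored for $username.
function isActivationCodeValid(PDO $db, string $username, $submitted): bool {
    if (!is_string($submitted) || $submitted === '') {
        return false;                    // missing field or array-valued input
    }
    // Prepared statement: the username is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT code FROM user2 WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();      // the column value, not the result handle
    if ($stored === false || $stored === null) {
        return false;                    // unknown user or no code stored
    }
    // Constant-time, type-strict comparison instead of loose ==.
    return hash_equals((string) $stored, $submitted);
}

// Constructed sample data (hypothetical user "alice").
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user2 (username TEXT PRIMARY KEY, code TEXT)');
$code = generateActivationCode();
$db->prepare('INSERT INTO user2 (username, code) VALUES (?, ?)')
   ->execute(['alice', $code]);

var_dump(isActivationCodeValid($db, 'alice', $code));        // correct code
var_dump(isActivationCodeValid($db, 'alice', 'wrongcode'));  // wrong code
var_dump(isActivationCodeValid($db, 'alice', ['x']));        // array instead of string
var_dump(isActivationCodeValid($db, 'bob', $code));          // user without a row
```

Only the first call succeeds; in activation.php the redirect to login.php would be issued on that branch and followed by `exit`.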