我正在尝试创建一个注册表单,并在我的表单上传递mysqli_real_escape_string和salt。但由于某些原因,我的代码将不会继续。即使我将在我的表单上输入正确的信息,它也不会正确处理它。基本上我创建了一个将进行验证的函数。
这是我的代码:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($_POST); //use the ACTUAL POST
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($_POST);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user(){ //just a parameter called post
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $post['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
$query = "INSERT INTO users(first_name, last_name, password, email, created_at, updated_at)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = run_mysql_query($query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($post){ //just a parameter called post
$query = "SELECT * FROM users WHERE users.password = '{$post['password']}'
AND users.email = '{$post['email']}'";
$user = fetch($query); //go and grab all users on above condition
if(count($user) > 0){
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
}
?>
知道出了什么问题???
注意:即使输入的数据是正确的,它也不会插入记录+它在$ _SESSION上给出错误。
答案 0 :(得分:0)
错误是什么?如果您有白页,请插入页面顶部:
error_reporting (E_ALL);
ini_set('display_errors',1);
答案 1 :(得分:-1)
请检查:
<?php
session_start();
require("new-connection.php");
global $connection;
$first_name = mysqli_real_escape_string($connection, $_POST['first_name']);
$last_name = mysqli_real_escape_string($connection, $_POST['last_name']);
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
if(isset($_POST['action']) && ($_POST['action']) == 'register'){
//call to function
register_user($firstname, $last_name, $email, $password, $salt, $encrypted_password); //use the ACTUAL POST // Cant only use post because isn't escaped
}
elseif(isset($_POST['action']) && ($_POST['action']) == 'login'){
login_user($email, $password);
}else{
session_destroy();
header('Location: homepage.php');
die();
}
function register_user($firstname, $last_name, $email, $password, $salt, $encrypted_password){ // Pass all escaped variables here becasue the $_POST isn't escaped
$_SESSION['errors'] = array();
if(empty($first_name)){
$_SESSION['errors'][] = "first name can't be blank!";
}
if(empty($last_name)){
$_SESSION['errors'][] = "last name can't be blank!";
}
if(empty($password)){
$_SESSION['errors'][] = "password is required!";
}
if($password != $post['confirm_password']){
$_SESSION['errors'][] = "passwords must match!";
}
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$_SESSION['errors'][] = "please use a valid email address!";
}
//end of validation
//now count errors
if(count($_SESSION['errors']) > 0){
header('Location: homepage.php');
die();
}else{
// Add backticks around column and table names to prevent mysql reserved words error
$query = "INSERT INTO `users` (`first_name`, `last_name`, `password`, `email`, `created_at`, `updated_at`)
VALUES ('$first_name', '$last_name','$password', '$email', NOW(), NOW())";
$result = mysqli_query($connection, $query);
$_SESSION['message'] = "user successfully added";
header('Location: homepage.php');
die();
}
}
function login_user($email, $password){ //just a parameter called post
// No need to add table name
$query = "SELECT * FROM `users` WHERE `password` = '$password'
AND `email` = '$email'";
$result = mysqli_query($connection, $query);
if(mysqli_num_rows($result) >= 1) {
$user = mysqli_fetch_assoc($result); //go and grab all users on above condition
// Check if there was atleast 1 user with the specified credentials
if(count($user) >= 1){
$_SESSION['user_id'] = $user['id'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['logged_in'] = true;
header('Location: success-homepage.php');
die();
}else{
$_SESSION['errors'][] = "cant find users";
header('Location: homepage.php');
die();
}
} else {
echo 'no user was found';
}
}
?>