使用POST方法的表单仍然使用GET

时间:2015-08-18 08:00:20

标签: php html forms authentication

我正在为我正在制作的网站制作用户登录/注册系统。在/register页面中,我有一个表单,应该使用POST方法,尽管它似乎正在使用GET。点击Sign Up后,会转到此网址:http://localhost:8080/zoweb/register/?first_name=my+first+name&last_name=my+last+name&username=my+username&email=my%40email.com&password=my+password&confirm_password=my+password&register=Sign+Up。我没有在此页面上使用任何JavaScript,我知道这会影响到这一点。

表格:

<form action="register.php" method="post">
    <table>
        <tr>
            <td>First name:</td><td><input type="text" name="first_name" placeholder="John"/></td>
        </tr>
        <tr>
            <td>Last name:</td><td><input type="text" name="last_name" placeholder="Smith"/></td>
        </tr>
        <tr>
            <td>Username:</td><td><input type="text" name="username" placeholder="Smithton"/></td>
        </tr>
        <tr>
            <td>Email:</td><td><input type="email" name="email" placeholder="john@smith.family"/></td>
        </tr>
        <tr>
            <td>Password:</td><td><input type="password" name="password" placeholder="&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;"/></td>
        </tr>
        <tr>
            <td>Confirm password:</td><td><input type="password" name="confirm_password" placeholder="&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;&bull;"/></td>
        </tr>
    </table>
    <ul class="actions">
        <li><input name="register" value="Sign Up" type="submit" class="button special" /></li>
    </ul>
</form>

register.php页面包含以下代码:

<?php

if (isset($_POST['register'])) {
    $fname =  $_POST['first_name'];
    $lname = $_POST['last_name'];
    $uname = $_POST['username'];
    $password = $_POST['password'];
    $confpass = $_POST['confirm_password'];
    $email = $_POST['email'];
    $good = 1;
    include('../connect.php');
    if (!$fname) {
        redir('./?error=first_name&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }

    if (!$email) {
        redir('./?error=email&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        redir('./?error=email&errormsg=Invalid email.&showLogin=true');
        $good = 0;
    }

    if (!$lname) {
        redir('./?error=last_name&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }

    if (!$uname) {
        redir('./?error=username&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }

    if (!$password) {
        redir('./?error=password&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }

    if ($confpass != $password) {
        redir('./?error=confirm_password&errormsg=You must fill out all required forms.&showLogin=true');
        $good = 0;
    }

    function redir($url)
    {
        header('Location: ' . $url);
    }

    if ($good == 1) {
        echo "Good.";

        $passwordhashoptions = [
            'cost' => 11,
            'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
        ];
        $passhash = password_hash($password, PASSWORD_BCRYPT, $passwordhashoptions);
        $query = "SELECT * FROM `users` WHERE `username` IS '" . $uname . "';";
        $mysqli_result = $mysqli->query($query);
        echo "Result: " . $mysqli_result;
        if ($mysqli_result === FALSE) {
            $query = "INSERT INTO `webauth`.`users` (`username`, `first_name`, `last_name`, `email`, `password`) VALUES ('" . $uname . "', '" . $fname . "', '" . $lname . "', '" . $email . "', '" . $passhash . "');";
            $mysqli->query($query);
            $emailcontent = "<style>
    #div {
        width:600px;
        margin-left:auto;
        margin-right:auto;
        background-color: #cafff8;
        padding:5px;
        border-radius:10px;
        font-family:sans-serif;
    }
</style>
<div id='div'>Thankyou for registering at Zoweb. To confirm your account, just click the link below:<br><a href='http://localhost:8080/zoweb/register/confirm.php?code=xxx' style='color:black;text-decoration:underline;'>Verify</a></a></div>";
            $to = $email;
            $subject = "Confirm your account on Zoweb\r\n";
            $headers = "From: no-reply@zoweb.me\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
            mail($to, $subject, $emailcontent, $headers);
            header('Location: ./?error=none&errormsg=Please check your emails for confirmation.&showLogin=false&fname=' . $fname);
        } else {
            redir('./?error=fname');
        }
    }
    $mysqli->close();
}

我认为,由于某种原因,register.php可能会回到index.php,但请不要认为,因为register.php没有任何重定向内容在其中形成。

0 个答案:

没有答案