我正在为我正在制作的网站制作用户登录/注册系统。在/register
页面中,我有一个表单,应该使用POST
方法,尽管它似乎正在使用GET
。点击Sign Up
后,会转到此网址:http://localhost:8080/zoweb/register/?first_name=my+first+name&last_name=my+last+name&username=my+username&email=my%40email.com&password=my+password&confirm_password=my+password®ister=Sign+Up
。我没有在此页面上使用任何JavaScript,我知道这会影响到这一点。
表格:
<form action="register.php" method="post">
<table>
<tr>
<td>First name:</td><td><input type="text" name="first_name" placeholder="John"/></td>
</tr>
<tr>
<td>Last name:</td><td><input type="text" name="last_name" placeholder="Smith"/></td>
</tr>
<tr>
<td>Username:</td><td><input type="text" name="username" placeholder="Smithton"/></td>
</tr>
<tr>
<td>Email:</td><td><input type="email" name="email" placeholder="john@smith.family"/></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" name="password" placeholder="•••••••••••"/></td>
</tr>
<tr>
<td>Confirm password:</td><td><input type="password" name="confirm_password" placeholder="•••••••••••"/></td>
</tr>
</table>
<ul class="actions">
<li><input name="register" value="Sign Up" type="submit" class="button special" /></li>
</ul>
</form>
register.php
页面包含以下代码:
<?php
if (isset($_POST['register'])) {
$fname = $_POST['first_name'];
$lname = $_POST['last_name'];
$uname = $_POST['username'];
$password = $_POST['password'];
$confpass = $_POST['confirm_password'];
$email = $_POST['email'];
$good = 1;
include('../connect.php');
if (!$fname) {
redir('./?error=first_name&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
}
if (!$email) {
redir('./?error=email&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
} elseif (filter_var($email, FILTER_VALIDATE_EMAIL)) {
redir('./?error=email&errormsg=Invalid email.&showLogin=true');
$good = 0;
}
if (!$lname) {
redir('./?error=last_name&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
}
if (!$uname) {
redir('./?error=username&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
}
if (!$password) {
redir('./?error=password&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
}
if ($confpass != $password) {
redir('./?error=confirm_password&errormsg=You must fill out all required forms.&showLogin=true');
$good = 0;
}
function redir($url)
{
header('Location: ' . $url);
}
if ($good == 1) {
echo "Good.";
$passwordhashoptions = [
'cost' => 11,
'salt' => mcrypt_create_iv(22, MCRYPT_DEV_URANDOM),
];
$passhash = password_hash($password, PASSWORD_BCRYPT, $passwordhashoptions);
$query = "SELECT * FROM `users` WHERE `username` IS '" . $uname . "';";
$mysqli_result = $mysqli->query($query);
echo "Result: " . $mysqli_result;
if ($mysqli_result === FALSE) {
$query = "INSERT INTO `webauth`.`users` (`username`, `first_name`, `last_name`, `email`, `password`) VALUES ('" . $uname . "', '" . $fname . "', '" . $lname . "', '" . $email . "', '" . $passhash . "');";
$mysqli->query($query);
$emailcontent = "<style>
#div {
width:600px;
margin-left:auto;
margin-right:auto;
background-color: #cafff8;
padding:5px;
border-radius:10px;
font-family:sans-serif;
}
</style>
<div id='div'>Thankyou for registering at Zoweb. To confirm your account, just click the link below:<br><a href='http://localhost:8080/zoweb/register/confirm.php?code=xxx' style='color:black;text-decoration:underline;'>Verify</a></a></div>";
$to = $email;
$subject = "Confirm your account on Zoweb\r\n";
$headers = "From: no-reply@zoweb.me\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
mail($to, $subject, $emailcontent, $headers);
header('Location: ./?error=none&errormsg=Please check your emails for confirmation.&showLogin=false&fname=' . $fname);
} else {
redir('./?error=fname');
}
}
$mysqli->close();
}
我认为,由于某种原因,register.php
可能会回到index.php
,但请不要认为,因为register.php
没有任何重定向内容在其中形成。