我编辑代码后转为$_SESSION['just'] = $username;
我正在尝试创建一个注册系统,一旦用户注册就会生成OTP,我正在测试localhost上的网站。一旦用户点击注册。
我的activateaccount.php无效,它应该将otp和status字段分别设置为NULL和1。即使用户插入OTP不正确,它仍然会将它们路由到login.html
这是我的signup.php
的代码<?php
session_start();
require 'php includes/db.ini.php';
$fill = "fill all the feilds";
$random = mt_rand(1000,1000000);
if(isset($_POST['first'])){
$first = trim(mysqli_real_escape_string($connection,$_POST['first']));
}
if(isset($_POST['last'])){
$last = trim(mysqli_real_escape_string($connection,$_POST['last']));
}
if(isset($_POST['username'])){
$username = trim(mysqli_real_escape_string($connection,$_POST['username']));
}
//invalid email can be submited, and will be accepted but the account won't be activated if the email dosen't get verified
if(isset($_POST['email'])){
$email = trim(mysqli_real_escape_string($connection,$_POST['email']));
}
if(isset($_POST['password'])){
$password = trim(mysqli_real_escape_string($connection,$_POST['password']));
}
$required = array('first', 'last', 'username', 'email', 'password');
$error = false;
foreach($required as $field) {
if (empty($_POST[$field])) {
$error = true;
}
}
if (!$error) {
//checking if any of the required feilds are empty
$sql = "SELECT Email FROM registeredusers WHERE Email='$email'";
$result = mysqli_query($connection,$sql);
$emailCheck = mysqli_num_rows($result);
$structure = "users/$username/profile photos/project photos";
if ($emailCheck>0){
echo "email exists";
}else{
if (file_exists($structure)){
echo "username already exists";
}
else{
$hpwd = password_hash($password,PASSWORD_DEFAULT);
$username_lower = strtolower($username);
$sql = "INSERT INTO registeredusers (FirstName,LastName,UserName,Email,Password,otp,status)
VALUES ('$first','$last','$username','$email','$hpwd','$random','0')";
mkdir($structure,0777,true);
$result = mysqli_query($connection,$sql);
$_SESSION['just'] = $username;
header("Location:activateaccount.html");
}
}}else{
echo "fill out all the feilds";
}
?>
我认为我创建的会话无法正常运行,或者我可能没有正确使用它,这是我的activateaccount.php代码
<?php
session_start();
include 'php includes/db.ini.php';
$username = $_SESSION['just'];
echo $username;
if(isset($_POST['submit'])){
$submitted_otp = trim(mysqli_real_escape_string($connection,$_POST['otp']));
}
$required = array('otp');
$error = false;
foreach($required as $field) {
if (empty($_POST[$field])) {
$error = true;
}
}
if (!$error) {
$sql = "SELECT UserName FROM registeredusers WHERE UserName='$username'";
$result = mysqli_query($connection,$sql);
$row = mysqli_fetch_assoc($result);
$otp = $row['otp'];
echo $otp;
if($otp !== $submitted_otp){
echo "the otp isn't correct";
}else{
$update = "UPDATE registeredusers SET status='1', otp=NULL";
session_destroy();
header("Location: login.html");
}}
?>
我会在一段时间后在activateaccount.php页面上销毁会话。有谁可以帮助我吗。我甚至无法使用其他文件回显会话。
答案 0 :(得分:0)
以下条件永远不会传递if条件,它总是执行其他条件。请检查以下更新条件
if($otp != $submitted_otp){
请改变这种情况。会话将永远不会在标题位置之后设置。请将其更改为
$_SESSION['just'] = $row['UserName'];
header("Location:activateaccount.html");
添加mysql_fetch_assoc
$sql = "INSERT INTO registeredusers (FirstName,LastName,UserName,Email,Password,otp,status)
VALUES ('$first','$last','$username','$email','$hpwd','$random','0')";
mkdir($structure,0777,true);
$result = mysqli_query($connection,$sql);
$row = mysqli_fetch_assoc($result);
$_SESSION['just'] = $row['UserName'];