注册成员并允许他们登录(更新表等)都可以正常工作,直到我最近进行了此更改。本质上说,如果此人登录,则检查他们是否是成员或管理员,并根据他们的身份向他们显示不同的页面。我手动进入表,将现有用户设置为“成员”,而不是1位“管理员”用户。现在,当我尝试注册用户时,它不再插入tblUsers中。
我所做的更改如下:
<?php
if ($_SESSION['fldUserLevel'] == 'Member'){
?>
// PAGE DETAILS
<?php
}
?>
^^^这将显示页面的上半部分,然后让管理员看到页面的下半部分:
<?php
if ($_SESSION['fldUserLevel'] == 'Admin'){
?>
// PAGE DETAILS
<?php
}
?>
由于我在注册用户时执行了此操作,因此详细信息不再进入表中,有人可以建议原因吗?还是我需要一个脚本来说明所有注册人员,将UserLevel设为“会员”?
注册代码:
<?php
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
// check for any empty inputs.
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
// check for an invalid username AND invalid e-mail.
else if (!preg_match("/^[a-zA-Z0-9]*$/", $username) && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invaliduidmail");
exit();
}
// check for an invalid username. In this case ONLY letters and numbers.
else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaliduid&mail=".$email);
exit();
}
// check for an invalid e-mail.
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invalidmail&uid=".$username);
exit();
}
// check if the repeated password is NOT the same.
else if ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}
else {
// include another error handler here that checks whether or the username is already taken. We HAVE to do this using prepared statements because it is safer!
$sql = "SELECT uidUsers FROM tblUsers WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCount = mysqli_stmt_num_rows($stmt);
mysqli_stmt_close($stmt);
if ($resultCount > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO tblUsers (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../signup.php");
exit();
}
成功注册的网页截图: Signup Successful Message
该表的屏幕截图,其中没有显示Kayz的条目: Screenshot of phpMyAdmin
答案 0 :(得分:0)
确保您实际上已经设置了一个变量名称“ Member”;或“管理员”;不过,我建议Romain.B建议在设置默认值时阅读该文档。
$member = "Member"; or "Admin";
然后您的查询应为:
$sql = "INSERT INTO tblUsers (uidUsers, emailUsers, pwdUsers, fldUserLevel) VALUES (?, ?, ?, ?);";
进一步,您需要包括$ member的新变量:
mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashedPwd, $member);
