我有一个PHP脚本,应该注册用户。它在两周前工作正常,但在对网站的一个不相关的部分做了一些小改动后,它今天停止了工作。这是代码:
<?php
$salt="mysecretsalt";
$activationkey = md5(uniqid(rand(), true));
$Firstname = $_POST['firstname'];
$Lastname = $_POST['lastname'];
$Email = $_POST['email'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
function asc2hex ($temp) {
$data = "";
$len = strlen($temp);
for ($i=0; $i<$len; $i++) $data.=sprintf("%02x",ord(substr($temp,$i,1)));
return $data;
}
$Email = stripslashes($Email);
$password = stripslashes($password);
$password2 = stripslashes($password2);
$Firstname = stripslashes($Firstname);
$Lastname = stripslashes($Lastname);
$Email = mysql_real_escape_string($Email);
$password = mysql_real_escape_string($password);
$Lastname = mysql_real_escape_string($Lastname);
$password2 = mysql_real_escape_string($password2);
$Firstname = mysql_real_escape_string($Firstname);
$password_length = strlen($password);
if($password_length > 5)
{
$password = sha1(md5($salt.$password));
$password2 = sha1(md5($salt.$password2));
$Firstname = strtolower($Firstname);
$Firstname = ucfirst($Firstname);
$Lastname = strtolower($Lastname);
$Lastname = ucfirst($Lastname);
$Email = strtolower($Email);
if ($password == $password2){
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect. Please Contact Us: ' . mysql_error());
}
mysql_select_db("members", $con);
$email_check = mysql_query("SELECT Email FROM users WHERE Email='$Email'");
$email_count = mysql_num_rows($email_check);
if(preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $Email)) {
if ($email_count == '0') {
$Email = mysql_real_escape_string($Email);
$password = mysql_real_escape_string($password);
$Lastname = mysql_real_escape_string($Lastname);
$password2 = mysql_real_escape_string($password2);
$Firstname = mysql_real_escape_string($Firstname);
setcookie("Friendsplash", $activationkey, time()+3600);
mysql_query("INSERT INTO users (Firstname, Lastname, Email, password, activationkey) VALUES ('$Firstname', '$Lastname', '$Email', '$password', '$activationkey' )");
//$to = $Email;
//$subject = "Confirmation of Friendsplash.com Membership.";
//$message = "Welcome to our website! $Firstname $Lastname\r\rThis is a confirmation email regarding your recent request for a membership at Friendsplash.com\r\r
//To activate your account follow this confirmation link:\rhttp://localhost/html/activate.php?$activationkey
//\r\rIf you do not wish to activate this account please disregard this email.";
//$from = "postmaster@localhost";
//$headers = "From:" . $from;
//mail($to,$subject,$message,$headers);
mkdir("./usr/$Email", 0755);
echo "<meta http-equiv='REFRESH' content='0;url=confirmation.html'>";
}
else {
echo "<meta http-equiv='REFRESH' content='0;url=existing_email.html'>";
}
}
else {
echo "Please enter a valid email.<meta http-equiv='REFRESH' content='2;url=register.html'>";
}
}
else {
echo "<meta http-equiv='REFRESH' content='0;url=non-matching_passwords.html'>";
}
}
else {
echo "<meta http-equiv='REFRESH' content='15;url=short_password.html'>"; \\ Always taken here
}
}
}
}
?>
我已经尝试过评论这个,但它只是把我带到了它之上。
答案 0 :(得分:4)
您的问题在于,在连接到数据库之前,您mysql_real_escape_string数据。 mysql_real_escape_string需要现有的数据库连接来完成其工作,如果没有,它将返回false。因此,您的所有数据都是false,因此您的检查失败了。有关详细信息,请阅读manual page。
您应该启用错误报告以更早地发现此类问题。
error_reporting(E_ALL);
ini_set('display_errors', true);
此外,您不应该根据转义值检查密码长度,因为这可能与用户输入的值明显不同。
此外,提前失败。没有数千个嵌套级别的if - else语句,这是不可维护的。相反,做一些事情:
if (!/* some important condition */) {
header('Location: http://example.com/error-page');
exit; // fail here
}
// business as usual