0

在看了好几个小时的帖子和不同的论坛之后,我终于放弃了。在过去的 24 小时里,我一直在通过尝试创建注册和登录页面来学习 PHP。注册似乎正在工作(我确信有一些错误等,但到目前为止一切似乎都在 sql 中)。就我的登录页面而言,这是我遇到一些问题的地方。

新编辑

这是我的registration.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

//Set error msg to blank
$errorMsg = "";
// Check to see if the form has been submitted
if (isset($_POST['username'])) 
{
include_once 'db_connect.php';
$username = preg_replace('/[^A-Za-z0-9]/', '', $_POST['username']);
$password = preg_replace('/[^A-Za-z0-9]/', '', $_POST['password']); 
$accounttype = preg_replace('/[^A-Za-z]/','', $_POST['accounttype']);
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
//validate email with filter_var
if ((!$username) || (!$password) || (!$accounttype) || (!$email))
    {
    $errorMsg = "Everything needs to be filled out";
    } 
    else {
// if fields are not empty

// check if user name is in use
    $db_username_check = mysql_query("SELECT id FROM members WHERE          username='$username' LIMIT 1");
    $username_check = mysql_num_rows($db_username_check); 
// check if email is in use
    $db_email_check = mysql_query("SELECT id FROM members WHERE email='$email' LIMIT 1");
    $email_check = mysql_num_rows($db_email_check);

//if username is in use ... ERROR
    if ($username_check > 0)  { 
    $errorMsg = "ERROR: username is already in use";

// if username is ok check if email is in use       
    } else if ($email_check > 0) {
    $errorMsg = "ERROR: email is already in use"; 

    } else {

    session_start();
    $hashedPass = md5($password); 
// Add user info into the database table, claim your fields then values 
    $sql = mysql_query("INSERT INTO members (username, password, email, accounttype ) 
    VALUES('$username', '$hashedPass', '$email', '$accounttype')") or die (mysql_error());
    // Retrieves the ID generated for an AUTO_INCREMENT column by the previous query
    $id = mysql_insert_id();
    $_SESSION['id'] = $id; 
    mkdir("members/$id", 0755); 
    header("location: member_profile.php?id=$id");
    $errorMsg = "Registration Successful";
    exit();}

    }
// if the form has not been submitted
} else { $errorMsg = 'To register please fill out the form'; }
?>

这是我的 Login.php

<?php
 error_reporting(E_ALL);
    ini_set('display_errors', '1');

    // if the form has been submitted
    $errorMsg = "";
    if ($_POST['username']){

            include_once('db_connect.php');
            $username = stripslashes($_POST['username']);
            $username = strip_tags($username);
            $username = mysql_real_escape_string($_POST['username']);
            $password = mysql_real_escape_string($_POST['password']); 
            $hashedPass = md5($password);


            $sql = "SELECT username,password FROM members WHERE username ='$username' AND password = '$hashedPass'";
            $login_check = mysql_query($sql);
            $count = mysql_num_rows($login_check);
            $row = mysql_fetch_array($login_check);
            //var_dump($id, $username, $password);

                if($count==1)
                    {
                        session_start();
                        //$id = $row["id"]; 
                        //                $_SESSION['id'] = $userid; 
                        //                $username = $row['username'];  
                        //                $_SESSION['username'] = $username; 
                        //                header("location: member_profile.php?id=$userid"); 
                         echo "User name OK";
                         return true;
        } else {
            echo "Wrong username or password";
            return false;

                    }
                }

    ?>

每当有人注册 $id = mysql_insert_id(); 时,都会从最后一个查询中提取 ID 并启动 $_SESSION['id']。但是,在 if($count==1) 之后的登录过程中,我完全迷失了。由于某种原因,名称和密码被检查并通过但 ID 失败。我确实尝试添加“SELECT id FROM members WHERE id='$id'”,但我的 $id 始终未定义。

我的 member_profile.php 是这样的:

<?php
session_start();
$toplinks = "";
if(isset($_SESSION['id'])) {
//If the user IS logged in show this menu
$userid = $_SESSION['id'];
$username = $_SESSION['username'];
$toplinks = '
<a href="member_profile.php?id=' .$userid. '"> Profile </a> &bull;
<a href="member_account.php">Account</a> &bull;
<a href="logout.php">Logout</a>
';

} else {
// If the user IS NOT logged in show this menu
$toplinks = '
<a href="register.php">JOIN</a> &bull;
<a href="login.php">LOGIN</a>
';

}

?>

感谢大家提供有关安全性、结构和编码风格的任何提示。这对我来说是 php 的第 3 天。

请原谅任何错误。

4

3 回答 3

2

if正在评论里面检查这个——

<?php // if the form has been submitted $errorMsg = ""; if

编辑它——

    <?php 
    // if the form has been submitted 
    $errorMsg = ""; 
    if(($_POST['username']) && ($_POST['password'])){

你也在你的代码中使用mysql和使用——mysqli

$row = mysqli_fetch_array($sql);

利用 - 

$row = mysql_fetch_array($sql);

查看您的会议以及评论中提到的菲尔。

session_start()
于 2012-11-07T05:01:40.443 回答
1

替换代码 

$row = mysqli_fetch_array($sql); to $row = mysql_fetch_array($login_check);  



if($count==1)
                    {

                        $id = $row['id'];
                        session_start();
                        $_SESSION['id'] = $id; 
                        //$row = mysqli_fetch_array($sql);
                        $username = $row['username'];  

                        $_SESSION['username'] = $username;
                        header("location: member_profile.php?id=$id");
                        exit();
                        } else {
                        echo "Wrong username or password";
                        return false;
                    }

如果表中有任何 id 字段,还请更改您的查询:

$sql = "SELECT id,username,password FROM members WHERE username ='$username' AND password = '$hashedPass'";
于 2012-11-07T05:04:11.790 回答
0

首先,我检查了代码。由于这是我的第 4 天 php,我开始将所有内容从 mysql 更改为 mysqli,这对我来说更有意义。代码可能仍然很混乱,但到目前为止它确实有效。谢谢

$sql = ("SELECT * FROM members WHERE username = '$username' && password = '$hashedPass'");
            $login_check = mysqli_query($link, $sql);
            $count = $login_check->num_rows;
            $row = mysqli_fetch_array($login_check);
             printf("Result set has %d rows.\n", $count);

                if($count==1)
                    {
                        session_start();
                        $id = $row["id"]; 
                        $_SESSION['id'] = $id; 
                        $username = $row['username'];  
                        $_SESSION['username'] = $username; 
                        header("location: member_profile.php?id=$id"); 
                        echo "User name OK";
                        return true;
于 2012-11-08T23:40:06.977 回答