php - 注册和登录表格

Question

我创建了通过电子邮件发送链接的注册表单，您必须单击它才能成功注册，这使您必须登录。问题是我无法登录，而其他一切都在工作美好的。您将在下面找到我的 register.php、activation.php 和 login.php。任何帮助都会很棒。

动作 = register.php

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

行动=激活

if ($_GET['action'] == 'invitation') {

    if (!empty($_GET['key'])){
        //thelw na eleksw an afto to key uparxei sto tabale members
        $sql = "SELECT * FROM members WHERE activationCode = '".$_GET['key']."'";
        $result=mysql_query($sql,$lnk);
        $user=  mysql_fetch_assoc($result);

        if(!empty($user)){
            //edw tha energopoiisw ton xristi
            $sql = "UPDATE members SET flag=1 WHERE username = '".$user['username']."'";
            mysql_query($sql,$lnk); 
        }else{
            echo "this is WRONG";
        }
    }else{
        echo 'No key';
    }

}

动作 = 登录

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = $_POST['password'];
            $password = md5(uniqid(rand(),true));
        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

score 1 · Accepted Answer

你做错了密码。

使用下面的代码

if ($_GET['action'] == 'register') {
   if(isset($_POST['formsubmitted'])){
       $error = array();
   if(empty($_POST['username'])){
       $error[] = 'Please enter a username';
   }else{
       $username = $_POST['username'];
    }
  if(empty($_POST['email'])){
      $error[] = 'Please enter a mail';
  }else{
      if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) {
      $email = $_POST['email'];
  }else{
      $error[] = 'Your mail is invalid';
  }
}
if (empty($_POST['password'])){
    $error[] = 'Please enter a password';
}else{
    $password = md5($_POST['password']);

}
if (empty($error)){
    $verify_email = "SELECT * FROM members WHERE email = '$email'";
    $result_verify_email = mysql_query($verify_email,$lnk);
 if (!$result_verify_email){
    echo 'Database error';
 }
 if (mysql_fetch_assoc($result_verify_email) == 0){
    $activationCode = md5(uniqid(rand(),true));
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)";
    $result_insert_users = mysql_query($insert_users,$lnk);
      if(!$result_insert_users){
         echo 'Database error';
      }
      if(mysql_affected_rows($lnk) == 1){
         $message = 'To activate your account, please click on this link:\n\n";';
         $message .= WEBSITE_URL . '/index.php?                page=activation&action=activation&key='.$activationCode;
         mail(
              $email,
              'Registration Confirmation',
               $message,
              'FROM:' . EMAIL
             );
         echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link';
     }else {
         echo 'You could not be registered';
      }
     }else {
        echo 'That email address has already been registered.</div>';
    }

并用于登录

if ($_GET['action'] == 'login') {
         $error = array();
         if (empty($_POST['username'])) {
            $error[] = 'You forgot to enter your username ';
         } else{
             $username = $_POST['username'];
           }
        if (empty($_POST['password'])) {
            $error[] = 'Please Enter Your Password ';
        } else {
            $password = md5($_POST['password']);

        }

            $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' ";
            $result_check_credentials = mysql_query($check_credentials,$lnk);
            $user_check_credentials = mysql_fetch_assoc($result_check_credentials);

            if(!empty($user_check_credentials)){
                $_SESSION['Auth'] = $user_check_credentials['username'];
                header('location:index.php?page=home');
            }else{
                $message = '<img src="css/photos/zzzdoop.png"> ';
                $_SESSION['Auth'] = false;
            }

  } elseif ($_GET['action'] == 'logout') {
        $_SESSION['Auth'] = false;
    }

score 0 · Accepted Answer

我猜错误在这里：

动作 = 登录

if (empty($_POST['password'])) {
    $error[] = 'Please Enter Your Password ';
} else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true)); // HERE
}

您刚刚将密码更改为完全随机的密码，然后您正试图在数据库中查找它...

score 0 · Accepted Answer

编程的关键是了解你在做什么，并知道确定问题所在的方法。一切都是为了解决问题。正如您在代码中看到的那样：（操作=登录）

else {
    $password = $_POST['password'];
    $password = md5(uniqid(rand(),true));
}

您每次都生成一个随机密码，而不是对提供的密码进行哈希处理。然后，您继续检查它是否与用户存在。你需要让它像你的注册方法：

$password = md5($_POST['password']);

您遇到的另一个问题是在查询中检查有效用户。您的flag字段是 anint但您将其视为字符串。

AND flag = '1' ";

需要是

AND flag = 1 ";

注意：不要使用 MySQL_*，因为它从 PHP 5.5 起已被弃用。使用 MySQLi_* 或 PDO。你对 SQL 注入也很开放，要小心。

php - 注册和登录表格

3 回答 3

Related

Reference