-1

我有一个基本的注册系统。代码如下。它无法注册用户。connect.php 站点工作......如果我手动将信息添加到数据库,登录部分工作。我不断收到一条错误消息,如下所示……“发生错误。您的帐户未创建。”

<?php

if ( $_POST['registerbtn'] ){

    $getuser = $_POST['user'];
    $getemail = $_POST['email'];
    $getpass = $_POST['pass'];
    $getretypepass = $_POST['retypepass'];

    if ($getuser){

        if ($getemail){

            if ($getpass){
                if ($getretypepass){
                    if ( $getpass === $getretypepass ){
                        if( (strlen($getemail) >= 7) && (strstr($getemail,"@")) && (strstr($getemail,".")) ){

                            require("./connect.php");

                            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                            $numrows = mysql_num_rows($query);
                                if ($numrows == 0){
                                    $query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
                                    $numrows = mysql_num_rows($query);
                                        if ($numrows == 0){
                                            $password = md5(md5("18sde#@!".$password."@1kwe#28"));
                                            $date = date("F d, Y");
                                            $code = md5(rand());

                                            mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");



                                            $query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                                            $numrows = mysql_num_rows($query);
                                            if ($numrows == 1){

                                                $site = "http://localhost/test";
                                                $webmaster = "activation@test.com";
                                                $headers = "From: $webmaster";
                                                $subject = "Activate your account";
                                                $message = "Thanks for registering. Click the link below to active your account.";
                                                $message .= "$site/activate.php?user=$getuser&code=$code";
                                                $message .= "You must activate your account to login.";

                                                if ( mail($getemail, $subject, $message, $headers) ){

                                                    $errormsg = "You have been registered. You must activate your account using your email $getemail";
                                                    $getusr = "";
                                                    $getemail = "";

                                                }
                                                else
                                                    $errormsg = "An error has occurred. Your activation email was not sent.";
                                            }
                                            else
                                                $errormsg = "An error has occurred. Your account was not created.";

                                        }
                                        else
                                            $errormsg ="There is already a email with that email.";
                                    }
                                    else
                                        $errormsg ="There is already a user with that username.";

                                    mysql_close();
                        }
                        else
                            $errormsg = "You must enter a valid email address to register.";
                    }
                    else
                        $errormsg = "Your passwords did not match";
                }
                else
                    $errormsg = "You must retype your password to register.";


            }
                else
                    $errormsg = "You must enter your password to register.";


        }
        else
            $errormsg = "You must enter your email to register.";


    }
    else
        $errormsg = "You must enter your username to register.";

}




$form = "<form action='./register.php' method='post'>
<table>
<tr>
    <td></td>
    <td><font color='red'>$errormsg</font></td>
</tr>
<tr>
    <td>Username:</td>
    <td><input type='text' name='user' value'$getuser' /></td>
</tr>
<tr>
    <td>Email:</td>
    <td><input type='text' name='email' value'$getemail' /></td>
</tr>
<tr>
    <td>Password:</td>
    <td><input type='password' name='pass' value'' /></td>
</tr>
<tr>
    <td>Retype Password:</td>
    <td><input type='password' name='retypepass' value'' /></td>
</tr>
<tr>
    <td></td>
    <td><input type='submit' name='registerbtn' value'Register' /></td>
</tr>
</table>
</form>";

echo $form;

?>
4

2 回答 2

1

你正在做INSERT一个user-

mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')");
                         ----

但是做你SELECTusers

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
                                    -----

因此,您INSERT永远不会插入一行供您稍后选择。

注意:您对 SQL 注入持开放态度。至少清理您的$_POST数据。或移动到mysqli_PDO使用准备好的语句。

于 2013-06-11T23:36:27.460 回答
0

不是解决方案,而是一些使您的代码更简单和更好的解决方法:

  1. 不要使用mysql_函数,使用mysqlior PDO。mysql_ 已弃用。

  2. 不要单独验证输入(增加了很多不必要的条件和嵌套)。这样的事情更简单:

    $createUser = 真;

    if(!$getuser) { $errorMsg = '你的错误信息'; $createUser = 假;} if(!$getemail) { $errorMsg = '你的错误信息'; $createUser = 假;} if(!$getpass) { $errorMsg = '你的错误信息'; $createUser = 假;}

    if( $createUser ) { ... 创建用户 ... }

  3. real_escape_string使用(查找 mysqli 和 pdo 的实现)清理您的输入

  4. 最后,添加一些调试。例如,$sql使用您的 INSERT 查询和echo它创建一个 var,以查看查询的格式是否正确。

于 2013-06-11T23:31:06.843 回答