0

我正在关注 Adam Khoury 的“如何构建社交网络网站”教程,并且正在学习第 6 课“注册表单和电子邮件激活 PHP MySQL JavaScript 编程教程”。

课程和代码在这里: http ://www.developphp.com/view.php?tid=1294

完成本课后,我有一个新用户注册表单,但我遇到了两个问题。

1.表格显示注册成功,它显示正确的确认消息“OK TestUser,请稍后检查您的电子邮件收件箱和垃圾邮件箱(whatever@gmail.com),以通过激活您的帐户来完成注册过程。您在您成功激活您的帐户之前,您将无法在网站上执行任何操作。” ,但是用户的详细信息没有输入到它应该去的用户数据库表中。

2.确认邮件不会发送到用户的收件箱(或垃圾邮件)

我使用 bluehost.com 作为我的服务器,并且我在 bluehost 创建了正确的电子邮件地址(出于隐私原因,电子邮件地址已在下面的代码中更改为“auto_responder@myserver.com”)。

这是我的 signup.php 文件:

<?php session_start();
// If user is logged in, header them away
if(isset($_SESSION["username"])){
    header("location: message.php?msg=NO to that weenis");
    exit();
}
?><?php if(isset($_POST["usernamecheck"])){
    include_once("php_includes/db_conx.php");
    $username = preg_replace('#[^a-z0-9]#i', '', $_POST['usernamecheck']);
    $sql = "SELECT id FROM users WHERE username='$username' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $uname_check = mysqli_num_rows($query);
    if (strlen($username) < 3 || strlen($username) > 16) {
        echo '<strong style="color:#F00;">3 - 16 characters please</strong>';
        exit();
    }
    if (is_numeric($username[0])) {
        echo '<strong style="color:#F00;">Usernames must begin with a letter</strong>';
        exit();
    }
    if ($uname_check < 1) {
        echo '<strong style="color:#009900;">' . $username . ' is OK</strong>';
        exit();
    } else {
        echo '<strong style="color:#F00;">' . $username . ' is taken</strong>';
        exit();
    }
}
?><?php if(isset($_POST["u"])){
    // CONNECT TO THE DATABASE
    include_once("php_includes/db_conx.php");
    // GATHER THE POSTED DATA INTO LOCAL VARIABLES
    $u = preg_replace('#[^a-z0-9]#i', '', $_POST['u']);
    $e = mysqli_real_escape_string($db_conx, $_POST['e']);
    $p = $_POST['p'];
    $g = preg_replace('#[^a-z]#', '', $_POST['g']);
    $c = preg_replace('#[^a-z ]#i', '', $_POST['c']);
    // GET USER IP ADDRESS
    $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
    // DUPLICATE DATA CHECKS FOR USERNAME AND EMAIL
    $sql = "SELECT id FROM users WHERE username='$u' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $u_check = mysqli_num_rows($query);
    // -------------------------------------------
    $sql = "SELECT id FROM users WHERE email='$e' LIMIT 1";
    $query = mysqli_query($db_conx, $sql); 
    $e_check = mysqli_num_rows($query);
    // FORM DATA ERROR HANDLING
    if($u == "" || $e == "" || $p == "" || $g == "" || $c == ""){
        echo "The form submission is missing values.";
        exit();
    } else if ($u_check > 0){ 
        echo "The username you entered is alreay taken";
        exit();
    } else if ($e_check > 0){ 
        echo "That email address is already in use in the system";
        exit();
    } else if (strlen($u) < 3 || strlen($u) > 16) {
        echo "Username must be between 3 and 16 characters";
        exit(); 
    } else if (is_numeric($u[0])) {
        echo 'Username cannot begin with a number';
        exit();
    } else {
    // END FORM DATA ERROR HANDLING
        // Begin Insertion of data into the database
        // Hash the password and apply your own mysterious unique salt

        /*$cryptpass = crypt($p);
        include_once ("php_includes/randStrGen.php");
        $p_hash = randStrGen(20)."$cryptpass".randStrGen(20);*/
        $p_hash = md5($p);//CHANGE THIS!!!!!

        // Add user info into the database table for the main site table
        $sql = "INSERT INTO users (username, email, password, gender, country, ip, signup, lastlogin, notescheck)       
                VALUES('$u','$e','$p_hash','$g','$c','$ip',now(),now(),now())";
        $query = mysqli_query($db_conx, $sql); 
        $uid = mysqli_insert_id($db_conx);
        // Establish their row in the useroptions table
        $sql = "INSERT INTO useroptions (id, username, background) VALUES ('$uid','$u','original')";
        $query = mysqli_query($db_conx, $sql);
        // Create directory(folder) to hold each user's files(pics, MP3s, etc.)
        if (!file_exists("user/$u")) {
            mkdir("user/$u", 0755);
        }
        // Email the user their activation link
        $to = "$e";                          
        $from = "auto_responder@myserver.com";
        $subject = 'yoursitename Account Activation';
        $message = '<!DOCTYPE html><html><head><meta charset="UTF-8"><title>yoursitename Message</title></head><body style="margin:0px; font-family:Tahoma, Geneva, sans-serif;"><div style="padding:10px; background:#333; font-size:24px; color:#CCC;"><a href="http://www.yoursitename.com"><img src="http://www.yoursitename.com/images/logo.png" width="36" height="30" alt="yoursitename" style="border:none; float:left;"></a>yoursitename Account Activation</div><div style="padding:24px; font-size:17px;">Hello '.$u.',<br /><br />Click the link below to activate your account when ready:<br /><br /><a href="http://www.yoursitename.com/activation.php?id='.$uid.'&u='.$u.'&e='.$e.'&p='.$p_hash.'">Click here to activate your account now</a><br /><br />Login after successful activation using your:<br />* E-mail Address: <b>'.$e.'</b></div></body></html>';
        $headers = "From: $from\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        mail($to, $subject, $message, $headers);
        echo "signup_success";
        exit();
    }
    exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Sign Up</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="style/style.css">
<style type="text/css">
#signupform{
    margin-top:24px;    
}
#signupform > div {
    margin-top: 12px;   
}
#signupform > input,select {
    width: 200px;
    padding: 3px;
    background: #F3F9DD;
}
#signupbtn {
    font-size:18px;
    padding: 12px;
}
#terms {
    border:#CCC 1px solid;
    background: #F5F5F5;
    padding: 12px;
}
</style>
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
<script>
function restrict(elem){
    var tf = _(elem);
    var rx = new RegExp;
    if(elem == "email"){
        rx = /[' "]/gi;
    } else if(elem == "username"){
        rx = /[^a-z0-9]/gi;
    }
    tf.value = tf.value.replace(rx, "");
}
function emptyElement(x){
    _(x).innerHTML = "";
}
function checkusername(){
    var u = _("username").value;
    if(u != ""){
        _("unamestatus").innerHTML = 'checking ...';
        var ajax = ajaxObj("POST", "signup.php");
        ajax.onreadystatechange = function() {
            if(ajaxReturn(ajax) == true) {
                _("unamestatus").innerHTML = ajax.responseText;
            }
        }
        ajax.send("usernamecheck="+u);
    }
}
function signup(){
    var u = _("username").value;
    var e = _("email").value;
    var p1 = _("pass1").value;
    var p2 = _("pass2").value;
    var c = _("country").value;
    var g = _("gender").value;
    var status = _("status");
    if(u == "" || e == "" || p1 == "" || p2 == "" || c == "" || g == ""){
        status.innerHTML = "Fill out all of the form data";
    } else if(p1 != p2){
        status.innerHTML = "Your password fields do not match";
    } else if( _("terms").style.display == "none"){
        status.innerHTML = "Please view the terms of use";
    } else {
        _("signupbtn").style.display = "none";
        status.innerHTML = 'please wait ...';
        var ajax = ajaxObj("POST", "signup.php");
        ajax.onreadystatechange = function() {
            if(ajaxReturn(ajax) == true) {
                if(ajax.responseText.replace(/^\s+|\s+$/g, "") == "signup_success"){
                    status.innerHTML = ajax.responseText;
                    _("signupbtn").style.display = "block";
                } else {
                    window.scrollTo(0,0);
                    _("signupform").innerHTML = "OK "+u+", check your email inbox and junk mail box at <u>"+e+"</u> in a moment to complete the sign up process by activating your account. You will not be able to do anything on the site until you successfully activate your account.";
                }
            }
        }
        ajax.send("u="+u+"&e="+e+"&p="+p1+"&c="+c+"&g="+g);
    }
}
function openTerms(){
    _("terms").style.display = "block";
    emptyElement("status");
}
/* function addEvents(){
    _("elemID").addEventListener("click", func, false);
}
window.onload = addEvents; */
</script>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
  <h3>Sign Up Here</h3>
  <form name="signupform" id="signupform" onSubmit="return false;">
    <div>Username: </div>
    <input id="username" type="text" onBlur="checkusername()" onKeyUp="restrict('username')" maxlength="16">
    <span id="unamestatus"></span>
    <div>Email Address:</div>
    <input id="email" type="text" onFocus="emptyElement('status')" onKeyUp="restrict('email')" maxlength="88">
    <div>Create Password:</div>
    <input id="pass1" type="password" onFocus="emptyElement('status')" maxlength="16">
    <div>Confirm Password:</div>
    <input id="pass2" type="password" onFocus="emptyElement('status')" maxlength="16">
    <div>Gender:</div>
    <select id="gender" onFocus="emptyElement('status')">
      <option value=""></option>
      <option value="m">Male</option>
      <option value="f">Female</option>
    </select>
    <div>Country:</div>
    <select id="country" onFocus="emptyElement('status')">
      <?php include_once("template_country_list.php"); ?>
    </select>
    <div>
      <a href="#" onClick="return false" onMouseDown="openTerms()">
        View the Terms Of Use
      </a>
    </div>
    <div id="terms" style="display:none;">
      <h3>Web Intersect Terms Of Use</h3>
      <p>1. Play nice here.</p>
      <p>2. Take a bath before you visit.</p>
      <p>3. Brush your teeth before bed.</p>
    </div>
    <br /><br />
    <button id="signupbtn" onClick="signup()">Create Account</button>
    <span id="status"></span>
  </form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>
4

2 回答 2

1

您不应该依赖 Adam Khoury 的“如何建立社交网络”教程。
一半的代码刚刚过时,而且不可靠。可以从该源执行太多 SQL 注入。但是 Ajax 教程也非常好和可靠。这是一个很好的开始方式,但不应该依赖它。
mysql_太过时了。我建议使用PDO.
但是,这又是一个老问题了。

于 2016-09-30T00:41:32.950 回答
0

我不确定您是否找到了答案,但我也遇到了这个问题。

1)确保来自地址的电子邮件是正确的,否则您将不会向他们发送电子邮件。现在实际名称不需要正确,但 @Yourdomain.com 可以。许多公司输入了一个虚假的电子邮件地址,通常是 noreply@yourdomain.com,这实际上没有收件箱,或者它确实存在但没有人检查它的事实。我个人添加了该电子邮件地址并且不费心制作它,因为我宁愿将我的电子邮件插槽用于其他用途。只是要澄清一下,使用我的方法,我从未遇到过垃圾邮件问题,所有电子邮件都会进入那里的收件箱。

2)我的用户表没有被写入(但 useroptions 是),我把它归结为在这段代码中

// Add user info into the database table for the main site table
        $sql = "INSERT INTO users (username, email, password, gender, country, ip, signup, lastlogin, notescheck)       
                VALUES('$u','$e','$p_hash','$g','$c','$ip',now(),now(),now())";

最后它说 now() 很好,这需要更改为 NOW() 并确保将所有 now() 更改为 NOW()。一旦我完成表被写入也只是仔细检查以确保您的表名和数据库中的行与您在代码中的匹配。如果它们不匹配,那么只需更改数据库上的名称我已将以下名称添加到您的数据库名称应为:

users(表名),username(users表中的行名),email(users表中的行名),password(users表中的行名),gender(users表中的行名),country,(用户表中的行名),ip(用户表中的行名),注册(用户表中的行名),lastlogin(用户表中的行名),notescheck(用户表中的行名)。您会在该表中找到更多未列出的行,但不要担心,因为它们会在以后的视频中添加。

我知道这个问题是大约一年前提出的,但我发帖是为了让你有答案,如果你仍然想要它,最重要的是任何有同样问题的人,那么在我写下这个答案之后你也可以找到他们的解决方案需要。如果这不能解决您的问题,请回复并让我知道,我会看看是否可以帮助您。

于 2014-01-15T17:28:09.720 回答