0

我正在尝试完成用户在我的网站上的注册过程。带有激活链接的确认电子邮件正确发送。但是,当我单击激活链接时,我只能得到结果“错误,看起来您正在尝试做一些不寻常的事情。请联系我们”,当人们试图搞砸时,这应该是保留的结果等。我编写的 SQL 查询旨在将已注册信息但尚未激活其帐户的人从“tempusers”表转移到“users”表。一旦他们单击电子邮件中的链接,就会发生这种情况。我看不出我的逻辑哪里错了,为什么当'tempusers'表中有注册用户时,这条记录没有被拾取。这是我的activation.php 代码。

<?php

include("includes/connect.php");

if(isset($_GET['email']) && preg_match(
'/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email'])){
$email = mysql_real_escape_string($_GET['email']);
}

if(isset($_GET['key']) && (strlen($_GET['key'])==32)){
$key = mysql_real_escape_string($_GET['key']);
}

if(isset($email) && isset($key)){
$result = mysql_query(" SELECT * FROM tempusers WHERE (email='$email' AND activation='$key') LIMIT 1 ")
or die(mysql_error());
while($row = mysql_fetch_array($result)){
    $user_id = mysql_real_escape_string($row['user_id']);
    $username = mysql_real_escape_string($row['username']);
    $email = mysql_real_escape_string($row['email']);
    $password = mysql_real_escape_string($row['password']);
}

$result1 = mysql_query(" INSERT INTO users (user_id,username,email,password,role,credits)
VALUES ('','$username','$email','$password','user',0)") or die(mysql_error());

$result2 = mysql_query(" DELETE FROM tempusers WHERE user_id='$user_id' ") or die(mysql_error());

if(!$result1){
    echo "Oops your account could not be activated, please contact the system admin team!";
}else{
    header( 'Location:prompt.php?x=0' );
}
}else{
echo "Error, looks like you were trying to do something out of the ordinary. Please contact us";
}
?>
4

1 回答 1

0

Looks like one of following 4 is false

(isset($_GET['email'])  or 

preg_match('/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/', $_GET['email']) or

(isset($_GET['key']) or 

(strlen($_GET['key'])==32))

Assuming you have email and key set in url for get and most likely you are 100% certain that there is key variable in get and it will have 32 characters, then that leaves to only preg_match where must be the error. It is also likely that the email could be url encoded. Make sure that when have expected value in $_GET['email'] by printing it out. If it is not what you expected you might want to sanitize it...

于 2013-08-22T01:52:06.067 回答