0 
<?php
$utype = $_POST['type'];
$username=$_POST['username'];
$pre = $_POST['pre'];
$fname = $_POST['fname'];
$fname = ucwords($fname);
$lname = $_POST['lname'];
$lname = ucwords($lname);
$address = $_POST['address'];
$city = $_POST['city'];
$city = ucwords($city);
$province=$_POST['province'];
$pcode = $_POST['pcode'];
$pcode = mb_strtoupper($pcode);
$area_code = $_POST['area_code'];
$number1= $_POST['number1'];
$number2= $_POST['number2'];
$phnum = "(".$area_code.")".$number1."-".$number2;
$email = $_POST['nemail'];
$opass=$_POST['pass1'];
$pass = md5($_POST['pass1']);
$time=date("F j, Y");
$status="Not Activated";
                                                   if($email=="" || $username=="" || $fname=="" || $lname=="" || $address=="" or $pass==""){                                                   die("<script language='JavaScript'>
                                                                    window.alert('Not Enough Data Provided!')</script>
                                                                    <meta http-equiv='REFRESH' content='0; r    egister.php'>");;
                                                            }
include 'db_connect.php';
$sql = "select * from estatedeal_login where username = '".strtolower($username)."' OR     email = '".strtolower($email)."'";

            $result=mysql_query($sql);
        $row=mysql_fetch_array($result);
            if($row){
                                                        die("<script language='JavaScript'>
                                                            window.alert('Username/E-mail address already Exists!')</script>
                                                            <meta http-equiv='REFRESH' content='0; register.php'>");;
            }


$sql="INSERT INTO estatedeal_login (username, email, password, utype, opass, time, status)
                VALUES ('$username', '$email', '$pass', '$utype', '$opass', '$time', '$status')";

$result=mysql_query($sql);
                if($result){
                        $sql2="Select uid from estatedeal_login where email='$email' AND password='$pass'";
                        $result2=mysql_query($sql2);
                        $row=mysql_fetch_array($result2);
                        $uid=$row["uid"];   



                        $sql3="INSERT INTO estate_userinfo(uid, pre, fname, lname, address, city, province, pcode, phnum, email) VALUES ('$uid', '$pre', '$fname', '$lname', '$address', '$city', '$province', '$pcode', '$phnum', '$email')";
                        $result3=mysql_query($sql3) or die("<script language='JavaScript'>
                                                            window.alert('Sorry, Database Error!')</script>
                                                            <meta http-equiv='REFRESH' content='0; register.php'>");;
                        if ($result3){

                                        $hour = time() + 3600*2; 
                                        setcookie('USERNAME_COOKIE', $email, $hour);
                                        setcookie('PASSWORD_COOKIE', $pass, $hour);
                                        if($utype=="Realtor"){ die("<meta http-equiv='REFRESH' content='0; regRealtor.php'>");; }
                                    echo "<script language='JavaScript'>
                                    window.location ='main.php';</script>";
                                    }
    }
    else{
        die(mysql_error());
    }
?>

以上是我的代码。它在 mysql 中正确插入数据字段,但不在客户端设置 cookie。如果我尝试使用我在数据库中插入的信息登录,则用于设置 cookie 的相同代码在登录页面上可以正常工作。还有更多设置cookie的选项吗?

    $hour = time() + 3600*2; 
 setcookie('USERNAME_COOKIE', $email, $hour);
 setcookie('PASSWORD_COOKIE', $pass, $hour);
4

4 回答 4

0

使用会话而不是 cookie。会话比 cookie 更安全并存储在服务器上。

使用 session_start(); 在 PHP 文件的开头,然后像这样在会话中存储任何内容

$_SESSION['email'] = $email;

& 获取文件开头 session_start() 函数存储在会话中的值

$email = $_SESSION['email'];

会话更安全,因为它们存储在服务器而不是浏览器上。

于 2013-09-15T07:48:17.893 回答
0

我强烈建议您了解$_SESSION以及如何清理从数据库中读取$_POST$_GET在数据库中插入任何内容之前读取的变量;

http://php.net/manual/en/function.mysql-real-escape-string.php还要考虑您在我发送给您的页面上看到的警告。

于 2013-09-15T07:37:14.520 回答
0

1 尝试把 ob_start()

<?php
ob_start()

2 尝试放置路径参数

setcookie('USERNAME_COOKIE', $email, $hour,'/');
setcookie('PASSWORD_COOKIE', $pass, $hour,'/');
于 2013-09-15T07:44:21.487 回答
0

不是您问题的直接答案,但可能有用:

您可以使用 SESSION 代替 cookie,看看这个问题:Cookie VS Session

您可能还想看看使用 SESSION 实现用户管理的UserCake 。以下是来自 UserCake (login.php) 的片段:

      //Passwords match! we're good to go'

      //Construct a new logged in user object
      //Transfer some db data to the session object
      $loggedInUser = new loggedInUser();
      $loggedInUser->email = $userdetails["email"];
      $loggedInUser->user_id = $userdetails["id"];
      $loggedInUser->hash_pw = $userdetails["password"];
      $loggedInUser->title = $userdetails["title"];
      $loggedInUser->displayname = $userdetails["display_name"];
      $loggedInUser->username = $userdetails["user_name"];

      //Update last sign in
      $loggedInUser->updateLastSignIn();
      $_SESSION["userCakeUser"] = $loggedInUser;

至少对我来说,这感觉比打电话更干净setcookie('USERNAME_COOKIE', $email, $hour);

于 2013-09-15T07:41:15.960 回答