-1

I am making a registration form for my website.

<?php
  include('config.php');

  if(isset($_SESSION['username'])) {
    header('Location:index.php');
  }

  if(isset($_POST['submit-registerform'])) {
    Register();
  }

  function Register() {
    if(!empty($_POST['username']) &&
       !empty($_POST['password']) &&
       !empty($_POST['lastname']) &&
       !empty($_POST['email'])) {
         // Database Connection:
         require('config.php');
         $MyConnection = new PDO('mysql:host=x;dbname=x', $dbusername, $dbpassword);
         $MyConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

         // Information from user:
         $username = htmlspecialchars($_POST['username']);
         $password = htmlspecialchars($_POST['password']);
         $lastname = htmlspecialchars($_POST['lastname']);
         $email = htmlspecialchars($_POST['email']);

         // Hashing the password:
         $cost = 10;
         $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
         $salt = sprintf("$2a$%02d$", $cost) . $salt;
         $hash = crypt($password, $salt);

         // Check if username already exists in the database:
         $findUser = $MyConnection->prepare("SELECT Username FROM Users WHERE Username = :username OR Email = :email");
         $findUser->bindParam(':username', $username);
         $findUser->bindParam(':email', $email);
         $findUser->execute();

         $foundUser = $findUser->fetch(PDO::FETCH_OBJ);

         if($username == $foundUser->Username) {
           echo '
             <div id="pop-up">
             This username is already in use. Please choose another one.
             </div>
             ';
         }
         elseif($email == $foundUser->Email) {
           echo '
             <div id="pop-up">
             This email address is already in use. Please sign up with a different one. <br />
             If this is impossible, please <a href="contact.php">contact us</a>.
             </div>
             ';
         }
         else {
           // Store information into the database:
           $sql = $MyConnection->prepare("INSERT INTO Users (Username, Password, Lastname, Email) 
             VALUES (:username, :password, :lastname, :email");
           $sql->bindParam(':username', $username);
           $sql->bindParam(':password', $hash);
           $sql->bindParam(':lastname', $lastname);
           $sql->bindParam(':email', $email);

           if($sql->execute()) {
             echo '
               <div id="pop-up">
               Your account has succesfully been registered. You can start using it right away, by clicking
               <a href="login.php">here</a>.
               </div>
               ';
         }
       }
  }
}
?>

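When I fill in the form with a username that is already stored in the database, I get the correct pop-up saying that the username is already in use. However, when I fill in different information (with or without the same email address), I am sent to another web page that does not exist, so my host takes over and shows their error screen.

Does anyone know why it sends visitors of the web page to another page (which does not exist)?

Thanks in advance!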


1 Answer

2
$findUser = $MyConnection->prepare("SELECT Username FROM Users 
WHERE Username = :username OR Email = :email");

You are checking:

$email == $foundUser->Email

But you never selected it in the $findUser statement.

Answered 2013-11-09T21:18:51.953
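
The duplicate check from the answer above with both compared columns selected, as an added example that is not code from the question or the answer. It goes a little further than the answer: it handles the case where no row matches, and it uses password_hash() in place of the hand-built crypt() salt (mcrypt_create_iv() was removed in PHP 7.2). It assumes PHP 7+ with pdo_sqlite; the in-memory table, the register() signature and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: pdo_sqlite is available; the table and accounts below are constructed.
function register(PDO $db, string $username, string $password, string $lastname, string $email): string
{
    // Select every column that is compared afterwards (Username AND Email).
    $find = $db->prepare(
        'SELECT Username, Email FROM Users WHERE Username = :username OR Email = :email'
    );
    $find->execute([':username' => $username, ':email' => $email]);
    $rows = $find->fetchAll(PDO::FETCH_OBJ); // empty array when nothing matches

    foreach ($rows as $row) {
        if (strcasecmp($row->Username, $username) === 0) {
            return 'username-taken';
        }
    }
    if ($rows) {
        return 'email-taken'; // a row matched, but not on Username
    }

    // Store the raw values; apply htmlspecialchars() when echoing them into HTML,
    // not before hashing or storing.
    $insert = $db->prepare(
        'INSERT INTO Users (Username, Password, Lastname, Email)
         VALUES (:username, :password, :lastname, :email)'
    );
    $insert->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT), // salt generated internally
        ':lastname' => $lastname,
        ':email'    => $email,
    ]);
    return 'registered';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (Username TEXT UNIQUE, Password TEXT, Lastname TEXT, Email TEXT UNIQUE)');

$attempts = [ // constructed sample registrations
    ['alice', 'pw-one',   'Smith', 'alice@example.test'],
    ['alice', 'pw-two',   'Jones', 'other@example.test'],
    ['bob',   'pw-three', 'Brown', 'alice@example.test'],
    ['bob',   'pw-four',  'Brown', 'bob@example.test'],
];
foreach ($attempts as $a) {
    echo $a[0], ' / ', $a[3], ' => ', register($db, ...$a), PHP_EOL;
}
```

The UNIQUE constraints in the constructed table are what stop two concurrent requests from both passing the SELECT check; with PDO::ERRMODE_EXCEPTION the losing INSERT throws a PDOException that the caller should catch.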