2012-05-24 55 views
-2

我是新的PHP/MySQL和抱歉,如果我的问题是愚蠢的。我正在尝试使用php和mysql制作注册/登录/注销系统。我的技能不好,我不是程序员,所以我试图改变我在网上找到的脚本。它包含文件,index.php,激活php。 login.php,logout.php,register.php。注册系统与php/mysql:无法找到用户

这伟大的工作,当我试图给出的实例中,但我改变了代码相当多,因为我希望用户在注册类似的名字,姓氏等增加更多的价值,而不仅仅是用户名,密码和电子邮件。所以我改变了代码,并在mysql数据库中添加了更多列。现在,它赢得吨的工作,它说,可以“找不到用户,当我尝试激活我也可以” T登录

的index.php:是一个非常简单的文件,有一个HTML表单,并要求如果他想登录或注册,也未知用户启动一个会话

logout.php:简单地取消设置会话

的login.php:

<?php session_start(); ?> 
<html> 
<body> 
    <?php 
    if(isset($_POST["user"])){ 
     $con = mysql_connect("localhost","root","password"); 
     if (!$con) 
      { 
      die('Could not connect: ' . mysql_error()); 
      } 

     mysql_select_db("myapp", $con); 

     $sql = "SELECT * FROM `users` WHERE `user` LIKE '". mysql_real_escape_string($_POST["user"]) 
     ."' AND ". 
      "`pass` LIKE MD5('". mysql_real_escape_string($_POST["pass"]) 
     ."') AND ". 
      "`active` = 'DONE'"; 

     $result = mysql_query($sql); 

     $found = 0; 
     while ($row = mysql_fetch_array($result)) { 
      if ($row[1]==$_POST["user"]) { 
       $found = 1; 
      } 
     } 

     if ($found) { 
     $_SESSION["USER"] = $_POST["user"]; 
     ?>Thank you for logging in<? 
     } 
     else { 
     ?>User/Pass is wrong!<? 
     } 

     mysql_close($con); 
    } 
    else { 
    ?> 

     Please log-in:<br/> 
     <form action="login.php" method="POST"> 
      User: <input type="text" name="user"><br /> 
      Pass: <input type="password" name="pass"><br /> 
      <input type="submit" /> 
     </form> 

    <?php 
    } 
    ?> 

register.php:

<?php session_start(); ?> 
<html> 
<body> 
<?php 
    if(isset($_POST["user"])){ 
     $con = mysql_connect("localhost","root","password"); 
     if (!$con) 
      { 
      die('Could not connect: ' . mysql_error()); 
      } 

     mysql_select_db("myapp", $con); 

     $random = rand(); 

     $sql = "INSERT INTO `myapp`.`users` (`id`, `user`, `pass`, `active`, `firstname`, `lastname`, `mail`) ". 
     " VALUES (NULL, '". mysql_real_escape_string($_POST["user"]) 
     ."', MD5('".mysql_real_escape_string($_POST["pass"]) 
     ."'), '".mysql_real_escape_string($random) 
     ."'), '".mysql_real_escape_string($_POST["firstname"]) 
     ."'), '".mysql_real_escape_string($_POST["lastname"]) 
     ."')'".mysql_real_escape_string($_POST["mail"]) 
     ."');"; 

     mysql_query($sql); 

     mysql_close($con); 

     $message = "Please put this url http://localhost/mypage/activate.php?active=" . $random . " in your browser to activate your account."; 
     @mail($_POST["mail"], 'Thank you for registering', $message); 

     ?>Thank you <?php echo $_POST["user"]; ?> we send you a confirmation e-mail in <?php echo $_POST["mail"]; ?><?php 

     echo $message; 
    } 
    else { 
     ?> 
     Please register:<br/> 
     <form action="register.php" method="POST"> 
      User: <input type="text" name="user"><br /> 
      Pass: <input type="password" name="pass"><br /> 
      firstname:<input type="text" name="firstname"><br /> 
      lastname:<input type="text" name="lastname"><br /> 
      mail: <input type="text" name="mail"><br /> 

      <input type="submit" /> 
     </form> 

     <?php 
    } 
?> 

activate.php:

<?php session_start(); ?> 
<html> 
<body> 
     <?php 
    if(isset($_GET["active"])){ 
     $con = mysql_connect("localhost","root","password"); 
     if (!$con) 
      { 
      die('Could not connect: ' . mysql_error()); 
      } 

     mysql_select_db("myapp", $con); 

     $sql = "SELECT * FROM `users` WHERE `active` LIKE '".  
mysql_real_escape_string($_GET["active"])."'"; 

     $result = mysql_query($sql); 

     $found = 0; 
     while ($row = mysql_fetch_array($result)) { 
      $found = 1; 
     } 

     if ($found) { 

     $sql = "UPDATE `users` SET `active` ='DONE'"; 

     $result = mysql_query($sql); 

     ?>Thank you for activating<? 
     } 
     else { 
     ?>Can't find user!<? 
     } 

     mysql_close($con); 
    } 
    else { 
    ?>Invalid activation<?php 
    } 
    ?> 
</body> 
</html> 

任何帮助将欢迎,谢谢你,对于长篇大论抱歉!^_^

+0

行,我明白!谢谢!! :) – ElaGorilaki

+1

请停止使用古老的'mysql_ *'函数编写新代码。他们不再被维护,社区已经开始[弃用流程](http://goo.gl/KJveJ)。相反,您应该了解[准备好的语句](http://goo.gl/vn8zQ)并使用[PDO](http://php.net/pdo)或[MySQLi](http://php.net/ mysqli的)。如果你不能决定,[本文](http://goo.gl/3gqF9)将有助于选择。如果你关心学习,[这里是一个很好的PDO相关教程](http://goo.gl/vFWnC)。 –

回答

2

register.php,你在SQL语法错误,你有太多的右括号。
更换这部分是这样的:

$sql = "INSERT INTO `myapp`.`users` (`id`, `user`, `pass`, `active`, `firstname`, `lastname`, `mail`) VALUES 
    (NULL,". 
    "'". mysql_real_escape_string($_POST["user"])."',". 
    "MD5('".mysql_real_escape_string($_POST["pass"])."'),". 
    "'".mysql_real_escape_string($random)."',". 
    "'".mysql_real_escape_string($_POST["firstname"])."',". 
    "'".mysql_real_escape_string($_POST["lastname"])."',". 
    "'".mysql_real_escape_string($_POST["mail"])."');";