注册和登录表格

我已经创建了注册表单，通过电子邮件发送链接，您必须单击它才能成功注册，这使您必须登录。问题是我无法登录，而其他一切工作正常。下面你会发现我的register.php，activation.php和login.php。任何帮助都会很棒。注册和登录表格

行动= register.php

if ($_GET['action'] == 'register') { 
    if(isset($_POST['formsubmitted'])){ 
     $error = array(); 
    if(empty($_POST['username'])){ 
     $error[] = 'Please enter a username'; 
    }else{ 
     $username = $_POST['username']; 
    } 
    if(empty($_POST['email'])){ 
     $error[] = 'Please enter a mail'; 
    }else{ 
     if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) { 
     $email = $_POST['email']; 
    }else{ 
     $error[] = 'Your mail is invalid'; 
    } 
} 
if (empty($_POST['password'])){ 
    $error[] = 'Please enter a password'; 
}else{ 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); 
} 
if (empty($error)){ 
    $verify_email = "SELECT * FROM members WHERE email = '$email'"; 
    $result_verify_email = mysql_query($verify_email,$lnk); 
if (!$result_verify_email){ 
    echo 'Database error'; 
} 
if (mysql_fetch_assoc($result_verify_email) == 0){ 
    $activationCode = md5(uniqid(rand(),true)); 
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)"; 
    $result_insert_users = mysql_query($insert_users,$lnk); 
     if(!$result_insert_users){ 
     echo 'Database error'; 
     } 
     if(mysql_affected_rows($lnk) == 1){ 
     $message = 'To activate your account, please click on this link:\n\n";'; 
     $message .= WEBSITE_URL . '/index.php?    page=activation&action=activation&key='.$activationCode; 
     mail(
       $email, 
       'Registration Confirmation', 
       $message, 
       'FROM:' . EMAIL 
      ); 
     echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link'; 
    }else { 
     echo 'You could not be registered'; 
     } 
    }else { 
     echo 'That email address has already been registered.</div>'; 
    }

行动=激活

if ($_GET['action'] == 'invitation') { 

    if (!empty($_GET['key'])){ 
     //thelw na eleksw an afto to key uparxei sto tabale members 
     $sql = "SELECT * FROM members WHERE activationCode = '".$_GET['key']."'"; 
     $result=mysql_query($sql,$lnk); 
     $user= mysql_fetch_assoc($result); 

     if(!empty($user)){ 
      //edw tha energopoiisw ton xristi 
      $sql = "UPDATE members SET flag=1 WHERE username = '".$user['username']."'"; 
      mysql_query($sql,$lnk); 
     }else{ 
      echo "this is WRONG"; 
     } 
    }else{ 
     echo 'No key'; 
    } 

}

动作=登录

if ($_GET['action'] == 'login') { 
     $error = array(); 
     if (empty($_POST['username'])) { 
      $error[] = 'You forgot to enter your username '; 
     } else{ 
      $username = $_POST['username']; 
      } 
     if (empty($_POST['password'])) { 
      $error[] = 'Please Enter Your Password '; 
     } else { 
      $password = $_POST['password']; 
      $password = md5(uniqid(rand(),true)); 
     } 

      $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' "; 
      $result_check_credentials = mysql_query($check_credentials,$lnk); 
      $user_check_credentials = mysql_fetch_assoc($result_check_credentials); 

      if(!empty($user_check_credentials)){ 
       $_SESSION['Auth'] = $user_check_credentials['username']; 
       header('location:index.php?page=home'); 
      }else{ 
       $message = '<img src="css/photos/zzzdoop.png"> '; 
       $_SESSION['Auth'] = false; 
      } 

    } elseif ($_GET['action'] == 'logout') { 
     $_SESSION['Auth'] = false; 
    }

来源

2013-03-13 C.Sef

您是否应用了任何调试方法来确定您无法登录的原因？ – UnholyRanger 2013-03-13 12:50:54

是的，我做到了！不工作的部分在执行=登录。如果（！empty（$ user_check_credentials））{ die（'1'）; $ _SESSION ['Auth'] = $ user_check_credentials ['username']; header（'location：index.php？页=家“）; } else { $ message =''; $ _SESSION ['Auth'] = false; } – 2013-03-13 12:58:14

调试方法不是简单的'die（）'，但它包括做变量转储（'var_dump（）'）来查看你有什么值和何时。 – UnholyRanger 2013-03-13 13:00:01

你正在做的错密码。

下面的代码

if ($_GET['action'] == 'register') { 
    if(isset($_POST['formsubmitted'])){ 
     $error = array(); 
    if(empty($_POST['username'])){ 
     $error[] = 'Please enter a username'; 
    }else{ 
     $username = $_POST['username']; 
    } 
    if(empty($_POST['email'])){ 
     $error[] = 'Please enter a mail'; 
    }else{ 
     if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) { 
     $email = $_POST['email']; 
    }else{ 
     $error[] = 'Your mail is invalid'; 
    } 
} 
if (empty($_POST['password'])){ 
    $error[] = 'Please enter a password'; 
}else{ 
    $password = md5($_POST['password']); 

} 
if (empty($error)){ 
    $verify_email = "SELECT * FROM members WHERE email = '$email'"; 
    $result_verify_email = mysql_query($verify_email,$lnk); 
if (!$result_verify_email){ 
    echo 'Database error'; 
} 
if (mysql_fetch_assoc($result_verify_email) == 0){ 
    $activationCode = md5(uniqid(rand(),true)); 
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)"; 
    $result_insert_users = mysql_query($insert_users,$lnk); 
     if(!$result_insert_users){ 
     echo 'Database error'; 
     } 
     if(mysql_affected_rows($lnk) == 1){ 
     $message = 'To activate your account, please click on this link:\n\n";'; 
     $message .= WEBSITE_URL . '/index.php?    page=activation&action=activation&key='.$activationCode; 
     mail(
       $email, 
       'Registration Confirmation', 
       $message, 
       'FROM:' . EMAIL 
      ); 
     echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link'; 
    }else { 
     echo 'You could not be registered'; 
     } 
    }else { 
     echo 'That email address has already been registered.</div>'; 
    }

和登录

if ($_GET['action'] == 'login') { 
     $error = array(); 
     if (empty($_POST['username'])) { 
      $error[] = 'You forgot to enter your username '; 
     } else{ 
      $username = $_POST['username']; 
      } 
     if (empty($_POST['password'])) { 
      $error[] = 'Please Enter Your Password '; 
     } else { 
      $password = md5($_POST['password']); 

     } 

      $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' "; 
      $result_check_credentials = mysql_query($check_credentials,$lnk); 
      $user_check_credentials = mysql_fetch_assoc($result_check_credentials); 

      if(!empty($user_check_credentials)){ 
       $_SESSION['Auth'] = $user_check_credentials['username']; 
       header('location:index.php?page=home'); 
      }else{ 
       $message = '<img src="css/photos/zzzdoop.png"> '; 
       $_SESSION['Auth'] = false; 
      } 

    } elseif ($_GET['action'] == 'logout') { 
     $_SESSION['Auth'] = false; 
    }

来源

2013-03-13 12:54:13

意见建议：不要复制所有代码，将其保留到需要修复的区域（易于理解的答案）。另外，不要支持使用'MySQL_ *'功能 – UnholyRanger 2013-03-13 13:03:46

谢谢！我做了这2个改变，但它仍然不起作用。 – 2013-03-13 13:12:47

请打印此查询和“SELECT * FROM members WHERE username ='”。$ username。“'AND password ='”。$ password。“'AND flag ='1'”;并在phpmyadmin中执行并查看结果 – 2013-03-13 13:25:36

我猜的错误使用是在这里：

动作=登录

if (empty($_POST['password'])) { 
    $error[] = 'Please Enter Your Password '; 
} else { 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); // HERE 
}

您已经只是改变了你的密码int o什么东西是完全随机的，然后你试图在数据库中寻找它......

来源

2013-03-13 12:54:44 GarethL

编程的关键是理解你在做什么以及知道什么是错误的方法。这是关于解决问题的一切。正如你可以在你的代码中看到：（动作=登录）

else { 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); 
}

您生成每次随机密码，而不是散列时提供的密码。然后您继续检查它是否与用户存在。你需要使它像你的注册方法：

$password = md5($_POST['password']);

你有另外一个问题是在查询中检查有效的用户。您的flag字段是int，但您将其视为字符串。

AND flag = '1' ";

必须

AND flag = 1 ";

注意：不要使用MySQL_ *它已被弃用的PHP 5.5的。使用MySQLi_ *或PDO。您也对SQL注入开放，请小心。

来源

2013-03-13 12:56:39 UnholyRanger

我做了更改，但问题仍未解决！感谢您的建议，我会阅读关于SQL注入。 – 2013-03-13 13:14:14

刚刚更新的答案 – UnholyRanger 2013-03-13 13:16:53

对于注入信息查看[Bobby-Tables]（http://www.bobby-tables.com/） – UnholyRanger 2013-03-13 13:19:35

注册和登录表格

回答

相关问题