2014-11-02 50 views
-4

I want to let users log in in PHP

I want the user to show up when I click Browse in phpMyAdmin on localhost. I created a table called test. I'm trying to make it so that when you register, it shows up in the database and signs him or her up as a user, but it doesn't with this code:

hoping.php:

<?php 
$reg  = @$_users['reg']; 
$fn  = ""; 
$ln  = ""; 
$un  = ""; 
$em  = ""; 
$em2  = ""; 
$pswd = ""; 
$pswd2 = ""; 
$d  = ""; 
$u_check = ""; 
$fn  = strip_tags(@$_test['fname']); 
$ln  = strip_tags(@$_test['lname']); 
$un  = strip_tags(@$_test['username']); 
$em  = strip_tags(@$_users['email']); 
$em2  = strip_tags(@$_users['email2']); 
$pswd = strip_tags(@$_users['password']); 
$pswd2 = strip_tags(@$_users['password2']); 
$d  = date("Y-m-d"); 

if ($reg) { 
    if ($em == $em2) { 
     $u_check = mysql_query("SELECT username FROM users WEHRE username='$un'"); 
     $check = mysql_num_rows($u_check); 
     if ($check == 0) { 
      if ($fn && $ln && $un && $em && $em2 && $pswd && $pswd2) { 
       if ($pswd == $pswd2) { 
        if (strlen($un) > 25 || strlen($fn) > 25 || strlen($ln) > 25) { 
         echo "The maximum limit for username/first name/last name is 25 characters!"; 
        } else { 
         if (strlen($pswd) > 30 || strlen($pswd) < 5) { 
          echo "Your password must be between 5 and 30 characters long!"; 
         } else { 
          $pswd = md5($pswd); 
          $pswd2 = md5($pswd2); 
          $query = mysql_query("INSERT INTO users VALUES ('', '$un', '$fn', '$ln','$em', '$pswd', '$d','0')"); 
          die("<h2>Welcome to communicate</h2>Login to your account to get started ..."); 
         } 
        } 
       } else { 
        echo "Your passwords don't match!"; 
       } 
      } else { 
       echo "Please fill in all of the fields"; 
      } 
     } else { 
      echo "Username already taken ..."; 
     } 
    } else { 
     echo "Your E-mails don't match!"; 
    } 
} 
if (isset($_users["user_login"]) && isset($_users["password_login"])) { 
    $user_login  = preg_replace('#[^A-Za-z0-9]#i', '', $_users["user_login"]); 
    $password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_users["password _login"]); 
} 
?> 

<div style="width: 800px; margin: 0px auto 0px auto;"> 
<table> 
    <tr> 
     <td width="60%" valign="top"> 
     <h2>Already a member? Sign in below!</h2> 
     <form action="hoping.php" method="users"> 
      <input type="text" name="username" size="25" placeholder="Username"/><br /><br /> 
      <input type="text" name="Password2" size="25" placeholder="Password (again)"/><br /><br /> 
      <input type="submit" name="reg" value="Sign Up!"> 
     </form> 
     <td> 
     <td width="40%"> 
     <h2>Sign Up Below!</h2> 
     <form action="hoping.php" method="users"> 
     <input type="text" name="fname" size="25" placeholder="First Name" /> 
     <p /> 
      <input type="text" name="lname" size="25" placeholder="Last Name"/><br /><br /> 
      <input type="text" name="username" size="25" placeholder="username"/><br /><br /> 
      <input type="text" name="email" size="25" placeholder="Email Address"/><br /><br /> 
      <input type="text" name="email2" size="25" placeholder="Email Address (again)"/><br /><br /> 
      <input type="text" name="password" size="25" placeholder="Password"/><br /><br /> 
      <input type="text" name="Password2" size="25" placeholder="Password (again)"/><br /><br /> 
      <input type="submit" name="reg" value="Sign Up!"> 
     </td> 
    </tr> 
</table> 

<?php include ("./connect.inc.php"); 

connect.inc.php

<?php 
mysql_connect("localhost", "root", "") or die("Couldn't connect to server"); 
mysql_select_db("test") or die("Couldn't select DB"); 
?> 
+0

Don't use mysql_*! It's deprecated and very insecure. Like this you're wide open to SQL injection. – icecub 2014-11-02 00:51:45
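The injection icecub is warning about, shown as an added example that is not part of the question or the answer. It is written in Python against the standard-library sqlite3 module rather than PHP/MySQL so that it runs stand-alone, but the query shape is the one from hoping.php (SELECT username FROM users WHERE username='$un'). The user rows, the attacker payload and the strip_tags stand-in are all constructed for the demo.

```python
import re
import sqlite3

# Constructed sample rows standing in for the page's `users` table.
SAMPLE_USERS = [("alice", "Alice", "Anderson"), ("bob", "Bob", "Brown")]


def make_db():
    """In-memory SQLite database seeded with the constructed users above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, fname TEXT, lname TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return db


def strip_tags(value):
    """Rough stand-in for PHP's strip_tags(): removes <...> markup and nothing
    else. It leaves quotes alone, which is why it is no defence against SQL
    injection even though the question uses it on every field."""
    return re.sub(r"<[^>]*>", "", value)


def count_matches_unsafe(db, username):
    """The pattern from the question: user input spliced into the SQL text,
    like mysql_query("SELECT username FROM users WHERE username='$un'")."""
    sql = "SELECT username FROM users WHERE username='%s'" % username
    return len(db.execute(sql).fetchall())


def count_matches_safe(db, username):
    """Parameterised query, the PDO bindValue() equivalent: the value travels
    separately from the statement, so quotes in it cannot alter the query."""
    sql = "SELECT username FROM users WHERE username=?"
    return len(db.execute(sql, (username,)).fetchall())


# Constructed attacker input. No user called "nobody" exists, so an honest
# lookup must return 0 rows; the trailing OR '1'='1 makes the spliced query
# match every row instead.
PAYLOAD = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("unsafe, payload:", count_matches_unsafe(db, PAYLOAD))  # 2
    print("unsafe, strip_tags(payload):",
          count_matches_unsafe(db, strip_tags(PAYLOAD)))  # 2
    print("safe, payload:", count_matches_safe(db, PAYLOAD))  # 0
```

Against the question's duplicate-username check this payload makes every registration fail with "Username already taken"; against a login query of the same shape it matches every account. Binding the value, as the answer's PDO code does, is the fix; strip_tags is not.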

+0

What is the question? What does "it doesn't with this code" mean? – 2014-11-02 01:03:50

+0

It means that with this code it doesn't register the user. – ilikeyoyo 2014-11-02 01:12:00

Answer

0

Okay, here is the improved script. Make sure you read all the comments and correct things, because this is not ready-to-use code!

Change your connect.inc.php to this (make sure you fill in all the required information):

<?php 

$dbhost = ""; //MySQL host (usually: localhost) 
$dbuser = ""; //MySQL user 
$dbpass = ""; //MySQL password 
$dbname = ""; //MySQL database name 

//charset in the DSN keeps the connection and prepared statements on one encoding (PHP 5.3.6+) 
$pdo = new PDO("mysql:host=".$dbhost.";dbname=".$dbname.";charset=utf8", $dbuser, $dbpass); 
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 

?> 

Change hoping.php to:

<?php 

require "connect.inc.php"; 

/* 
Using md5 to hash a password is not secure: it is unsalted and fast, 
so identical passwords give identical hashes and cracking is cheap. 
Below is a much more secure bcrypt-based function (via crypt()). 
However this requires your database to have enough room for it 
(a bcrypt hash is 60 characters long). 

For example: `password` VARCHAR(128) NOT NULL 

If you need to alter your database to make the room, please 
execute this command in phpMyAdmin (change password to whatever 
the column name is in your users table): 

ALTER TABLE `users` MODIFY COLUMN `password` VARCHAR(128); 

If your database has the room for this, please set the following 
variable to true. Otherwise leave it false to keep using md5. 
*/ 
$secureCrypt = false; 

if(isset($_POST['login'])){ 
    $sql = "SELECT * FROM users WHERE username = :user"; 
    $pre = $pdo->prepare($sql); 

    //Field name must match the login form below ('username', lower case) 
    $pre->bindValue(":user", $_POST['username']); 

    if($pre->execute()){ 
     $data = $pre->fetch(); 
     //fetch() returns false when no such user exists; don't index into it 
     if($data === false){ 
      echo "Invalid username or password!<br />"; 
     } elseif($secureCrypt){ 
      //Please correct 'column_name_here'. 
      //I was unable to do this for you because I lacked the column name 
      //where the passwords are stored. 
      //crypt() with the stored hash as the salt re-derives the same hash. 
      //Compare with === (not ==) so PHP never compares the strings as numbers; 
      //on PHP 5.6+ prefer hash_equals() for a constant-time comparison. 
      if(crypt($_POST['Password'], $data['column_name_here']) === $data['column_name_here']){ 
       echo "You have successfully logged in!<br />"; 
      } else { 
       echo "Invalid password!<br />"; 
      } 
     } else { 
      if(md5($_POST['Password']) === $data['column_name_here']){ 
       echo "You have successfully logged in!<br />"; 
      } else { 
       echo "Invalid password!<br />"; 
      } 
     } 
    } else { 
     echo "\nMySQL returned error:\n"; 
     print_r($pdo->errorInfo()); 
    } 
} 

if(isset($_POST['register'])){ 
    $error = false; 
    $error_text = ""; 

    //Check names for illegal characters 
    // Allows A-Z, a-z, underscore(_), dots(.), spaces and dashes(-) 
    function nameRegex($var){ 
     if(!preg_match("/^[a-zA-Z_\. \-]+$/i", $var)){ 
      return true; 
     } else { 
      return false; 
     } 
    } 

    //Check usernames for illegal characters 
    // Allows A-Z, a-z, 0-9, underscore(_) and dashes(-) 
    function userRegex($var){ 
     if(!preg_match("/^[0-9a-zA-Z_\-]+$/i", $var)){ 
      return true; 
     } else { 
      return false; 
     } 
    } 

    //Check for valid mail address 
    function mailFilter($var){ 
     if(filter_var($var, FILTER_VALIDATE_EMAIL) === false){ 
      return true; 
     } else { 
      return false; 
     } 
    } 

    //Check if 2 values match 
    function matchValues($var1, $var2){ 
     if($var1 != $var2){ 
      return true; 
     } else { 
      return false; 
     } 
    } 

    //Check if username already exists 
    function checkUser($user){ 
     //$pdo is created at file scope in connect.inc.php; a function cannot 
     //see it unless it is declared global. Without this line you get 
     //"Undefined variable: pdo" on the prepare()/bindValue() lines below. 
     global $pdo; 

     $sql = "SELECT username FROM users WHERE username = :user"; 
     $pre = $pdo->prepare($sql); 

     $pre->bindValue(":user",$user); 

     if($pre->execute()){ 
      //rowCount() on a SELECT is driver-specific; it works with MySQL 
      $count = $pre->rowCount(); 
      if($count > 0){ 
       return true; 
      } else { 
       return false; 
      } 
     } else { 
      echo "\nMySQL returned error:\n"; 
      print_r($pdo->errorInfo()); 
     } 
    } 

    //Check for correct size 
    function checkSize($var, $size){ 
     if(strlen($var) > $size){ 
      return true; 
     } else { 
      return false; 
     } 
    } 

    //Securely hash user passwords with bcrypt via crypt() (needs PHP 5.3.7+ for $2y$) 
    function cryptPass($pass, $rounds = 9){ 
     //bcrypt wants a 22-character salt from the alphabet [./A-Za-z0-9]. 
     //Take it from a cryptographic RNG rather than array_rand(), which is 
     //not suitable for generating secrets. 
     $raw  = openssl_random_pseudo_bytes(16); 
     $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22); 

     return crypt($pass, sprintf('$2y$%02d$', $rounds) . $salt); 
    } 


    if(nameRegex($_POST['fname'])){ 
     $error = true; 
     $error_text .= "Your First Name contains illegal characters!<br />"; 
    } 

    if(nameRegex($_POST['lname'])){ 
     $error = true; 
     $error_text .= "Your Last Name contains illegal characters!<br />"; 
    } 

    if(userRegex($_POST['username'])){ 
     $error = true; 
     $error_text .= "Your Username contains illegal characters!<br />"; 
    } 

    if(mailFilter($_POST['email'])){ 
     $error = true; 
     $error_text .= "Your Email Address does not appear to be valid!<br />"; 
    } 

    if(mailFilter($_POST['email2'])){ 
     $error = true; 
     $error_text .= "Your 2nd Email Address does not appear to be valid!<br />"; 
    } 

    if(matchValues($_POST['email'], $_POST['email2'])){ 
     $error = true; 
     $error_text .= "It appears both Email Addresses did not match!<br />"; 
    } 

    if(matchValues($_POST['password'], $_POST['password2'])){ 
     $error = true; 
     $error_text .= "It appears both Passwords did not match!<br />"; 
    } 

    if(checkUser($_POST['username'])){ 
     $error = true; 
     $error_text .= "The Username is already taken by another user!<br />"; 
    } 

    if(checkSize($_POST['fname'], 25)){ 
     $error = true; 
     $error_text .= "The First Name contains too many characters!<br />"; 
    } 

    if(checkSize($_POST['lname'], 50)){ 
     $error = true; 
     $error_text .= "The Last Name contains too many characters!<br />"; 
    } 

    if(checkSize($_POST['username'], 16)){ 
     $error = true; 
     $error_text .= "The Username contains too many characters!<br />"; 
    } 

    //Check the email field here, not the username again 
    if(checkSize($_POST['email'], 125)){ 
     $error = true; 
     $error_text .= "The Email address contains too many characters!<br />"; 
    } 

    if(!$error){ 
     if($secureCrypt){ 
      $hashPass = cryptPass($_POST['password']); 
     } else { 
      $hashPass = md5($_POST['password']); 
     } 

     //Placeholders must NOT be quoted: ':username' in quotes is a literal 
     //string, and the bindValue() calls would then fail. 
     $sql = "INSERT INTO users VALUES ('', :username, :fname, :lname, :email, :password, :date, '0')"; 
     $pre = $pdo->prepare($sql); 

     $pre->bindValue(":username",$_POST['username']); 
     $pre->bindValue(":fname",$_POST['fname']); 
     $pre->bindValue(":lname",$_POST['lname']); 
     $pre->bindValue(":email",$_POST['email']); 
     //Store the hash, never the plaintext password 
     $pre->bindValue(":password",$hashPass); 
     $pre->bindValue(":date",date("Y-m-d")); 

     if($pre->execute()){ 
      echo "You are successfully registered. Welcome!"; 
     } else { 
      echo "\nMySQL returned error:\n"; 
      print_r($pdo->errorInfo()); 
     } 
    } else { 
     echo "There are some problems with your registration.<br />"; 
     echo "Please correct the following errors:<br /><br />"; 
     echo $error_text; 
     echo "<br />"; 
    } 
} 

?> 

<!DOCTYPE HTML> 
<html> 
    <head> 
     <title>Login Page</title> 
     <style> 
     #div1 { 
      width: 800px; 
      margin: 0px auto 0px auto; 
     } 
     #td1 { 
      width: 60%; 
      vertical-align: top; 
     } 
     #td2 { 
      width: 40%; 
     } 
     </style> 
    </head> 
    <body> 
     <div id="div1"> 
      <table> 
       <tr> 
        <td id="td1"> 
         <h2>Already a member? Sign in below!</h2> 
         <form action="hoping.php" method="post" id="user_login" accept-charset="utf-8"> 
          <input type="text" name="username" size="25" placeholder="Username"/><br /><br /> 
          <input type="password" name="Password" size="25" placeholder="Password"/><br /><br /> 
          <input type="submit" name="login" value="Login!"> 
         </form> 
        </td> 
        <td id="td2"> 
         <h2>Sign Up Below!</h2> 
         <form action="hoping.php" method="post" id="user_register" accept-charset="utf-8"> 
          <!-- Re-filled values are escaped with htmlspecialchars(): echoing $_POST raw into an attribute is reflected XSS --> 
          <input type="text" name="fname" size="25" placeholder="First Name" value="<?php echo isset($_POST['fname']) ? htmlspecialchars($_POST['fname'], ENT_QUOTES, 'UTF-8') : '' ?>" /><br /><br /> 
          <input type="text" name="lname" size="25" placeholder="Last Name" value="<?php echo isset($_POST['lname']) ? htmlspecialchars($_POST['lname'], ENT_QUOTES, 'UTF-8') : '' ?>" /><br /><br /> 
          <input type="text" name="username" size="25" placeholder="username" value="<?php echo isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') : '' ?>" /><br /><br /> 
          <input type="text" name="email" size="25" placeholder="Email Address" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : '' ?>" /><br /><br /> 
          <input type="text" name="email2" size="25" placeholder="Email Address (again)" value="<?php echo isset($_POST['email2']) ? htmlspecialchars($_POST['email2'], ENT_QUOTES, 'UTF-8') : '' ?>" /><br /><br /> 
          <input type="password" name="password" size="25" placeholder="Password"/><br /><br /> 
          <input type="password" name="password2" size="25" placeholder="Password (again)"/><br /><br /> 
          <input type="submit" name="register" value="Sign Up!"> 
         </form> 
        </td> 
       </tr> 
      </table> 
     </div> 
    </body> 
</html> 
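What the answer's cryptPass()/crypt() pair buys over md5, plus the login path the answer leaves fragile (fetch() returning false for an unknown user), as an added example that is not part of the answer. It is Python so it runs stand-alone; Python's standard library has no bcrypt, so PBKDF2-HMAC-SHA256 from hashlib stands in for crypt('$2y$...') with the same three properties: a per-user random salt, a tunable work factor, and a constant-time comparison. The user table, the passwords and the dummy hash are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor; raise it until one hash costs tens of ms on your server


def md5_hash(password):
    """The original scheme: unsalted and fast. Two users with the same
    password get the same hash, and a precomputed table cracks it instantly."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Salted, slow hash. The output carries algorithm, iterations, salt and
    digest together (like bcrypt's $2y$rounds$salt+hash string) so that
    verify_password() needs no other state. Assumption for the demo: a
    16-byte salt from os.urandom is sufficient."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Re-derive with the stored salt and iteration count, then compare in
    constant time. A malformed stored value fails closed instead of raising."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    try:
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(digest.hex(), digest_hex)


# Hash to check against when the user does not exist, so the unknown-user
# path costs the same as a real check and timing does not reveal usernames.
DUMMY_HASH = hash_password("not-a-real-password")


def login(users, username, password):
    """Login check. `users` maps username -> stored hash; it stands in for
    the answer's SELECT ... WHERE username = :user. Unlike the answer's
    code, an unknown user is handled instead of indexing into a false
    fetch() result."""
    stored = users.get(username)
    if stored is None:
        verify_password(password, DUMMY_HASH)
        return False
    return verify_password(password, stored)


def demo_users():
    """Constructed user table: two users who chose the same password."""
    return {"alice": hash_password("hunter2"), "bob": hash_password("hunter2")}


if __name__ == "__main__":
    users = demo_users()
    print("md5 identical for both users:", md5_hash("hunter2") == md5_hash("hunter2"))
    print("salted hashes differ:", users["alice"] != users["bob"])
    print("alice/hunter2:", login(users, "alice", "hunter2"))
    print("alice/wrong:", login(users, "alice", "Hunter2"))
    print("nobody/hunter2:", login(users, "nobody", "hunter2"))
```

The stored string format is what makes the $secureCrypt migration on the page workable: the hash records its own parameters, so the iteration count (or bcrypt's rounds) can be raised later for new users without breaking existing logins.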
+0

It gives an error for line 98 in hoping.php: Notice: Undefined variable: pdo in D:\Download\htdocs\hoping.php on line 98; Fatal error: Call to a member function prepare() on a non-object in D:\Download\htdocs\hoping.php on line 98. And for line 100: Notice: Undefined variable: pdo in D:\Download\htdocs\hoping.php on line 100; Fatal error: Call to a member function bindValue() on a non-object in D:\Download\htdocs\hoping.php on line 100 – ilikeyoyo 2014-11-02 03:31:13

+0

@Rarster Did you edit your "connect.inc.php" like I told you to? Those errors only mean the PDO object was not created. That only happens if you didn't change that file, or if that file isn't in the same folder as "hoping.php" – icecub 2014-11-02 03:38:05

+0

@StanimirStoyanov lol, same folder.. fixed it xD – icecub 2014-11-02 12:23:57