2013-03-13 239 views
0

我已經創建了註冊表單,通過電子郵件發送鏈接,您必須單擊它才能成功註冊,這使您必須登錄。問題是我無法登錄,而其他一切工作正常。下面你會發現我的register.php,activation.php和login.php。任何幫助都會很棒。註冊和登錄表格

行動= register.php

if ($_GET['action'] == 'register') { 
    if(isset($_POST['formsubmitted'])){ 
     $error = array(); 
    if(empty($_POST['username'])){ 
     $error[] = 'Please enter a username'; 
    }else{ 
     $username = $_POST['username']; 
    } 
    if(empty($_POST['email'])){ 
     $error[] = 'Please enter a mail'; 
    }else{ 
     if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) { 
     $email = $_POST['email']; 
    }else{ 
     $error[] = 'Your mail is invalid'; 
    } 
} 
if (empty($_POST['password'])){ 
    $error[] = 'Please enter a password'; 
}else{ 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); 
} 
if (empty($error)){ 
    $verify_email = "SELECT * FROM members WHERE email = '$email'"; 
    $result_verify_email = mysql_query($verify_email,$lnk); 
if (!$result_verify_email){ 
    echo 'Database error'; 
} 
if (mysql_fetch_assoc($result_verify_email) == 0){ 
    $activationCode = md5(uniqid(rand(),true)); 
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)"; 
    $result_insert_users = mysql_query($insert_users,$lnk); 
     if(!$result_insert_users){ 
     echo 'Database error'; 
     } 
     if(mysql_affected_rows($lnk) == 1){ 
     $message = 'To activate your account, please click on this link:\n\n";'; 
     $message .= WEBSITE_URL . '/index.php?    page=activation&action=activation&key='.$activationCode; 
     mail(
       $email, 
       'Registration Confirmation', 
       $message, 
       'FROM:' . EMAIL 
      ); 
     echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link'; 
    }else { 
     echo 'You could not be registered'; 
     } 
    }else { 
     echo 'That email address has already been registered.</div>'; 
    } 

行動=激活

if ($_GET['action'] == 'invitation') { 

    if (!empty($_GET['key'])){ 
     //thelw na eleksw an afto to key uparxei sto tabale members 
     $sql = "SELECT * FROM members WHERE activationCode = '".$_GET['key']."'"; 
     $result=mysql_query($sql,$lnk); 
     $user= mysql_fetch_assoc($result); 

     if(!empty($user)){ 
      //edw tha energopoiisw ton xristi 
      $sql = "UPDATE members SET flag=1 WHERE username = '".$user['username']."'"; 
      mysql_query($sql,$lnk); 
     }else{ 
      echo "this is WRONG"; 
     } 
    }else{ 
     echo 'No key'; 
    } 

} 

動作=登錄

if ($_GET['action'] == 'login') { 
     $error = array(); 
     if (empty($_POST['username'])) { 
      $error[] = 'You forgot to enter your username '; 
     } else{ 
      $username = $_POST['username']; 
      } 
     if (empty($_POST['password'])) { 
      $error[] = 'Please Enter Your Password '; 
     } else { 
      $password = $_POST['password']; 
      $password = md5(uniqid(rand(),true)); 
     } 

      $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' "; 
      $result_check_credentials = mysql_query($check_credentials,$lnk); 
      $user_check_credentials = mysql_fetch_assoc($result_check_credentials); 

      if(!empty($user_check_credentials)){ 
       $_SESSION['Auth'] = $user_check_credentials['username']; 
       header('location:index.php?page=home'); 
      }else{ 
       $message = '<img src="css/photos/zzzdoop.png"> '; 
       $_SESSION['Auth'] = false; 
      } 

    } elseif ($_GET['action'] == 'logout') { 
     $_SESSION['Auth'] = false; 
    } 
+1

您是否應用了任何調試方法來確定您無法登錄的原因? – UnholyRanger 2013-03-13 12:50:54

+0

是的,我做到了!不工作的部分在執行=登錄。如果(!empty($ user_check_credentials)){ die('1'); $ _SESSION ['Auth'] = $ user_check_credentials ['username']; header('location:index.php?頁=家「); } else { $ message =''; $ _SESSION ['Auth'] = false; } – 2013-03-13 12:58:14

+0

調試方法不是簡單的'die()',但它包括做變量轉儲('var_dump()')來查看你有什麼值和何時。 – UnholyRanger 2013-03-13 13:00:01

回答

1

你正在做的錯密碼。

下面的代碼

if ($_GET['action'] == 'register') { 
    if(isset($_POST['formsubmitted'])){ 
     $error = array(); 
    if(empty($_POST['username'])){ 
     $error[] = 'Please enter a username'; 
    }else{ 
     $username = $_POST['username']; 
    } 
    if(empty($_POST['email'])){ 
     $error[] = 'Please enter a mail'; 
    }else{ 
     if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$_POST['email'])) { 
     $email = $_POST['email']; 
    }else{ 
     $error[] = 'Your mail is invalid'; 
    } 
} 
if (empty($_POST['password'])){ 
    $error[] = 'Please enter a password'; 
}else{ 
    $password = md5($_POST['password']); 

} 
if (empty($error)){ 
    $verify_email = "SELECT * FROM members WHERE email = '$email'"; 
    $result_verify_email = mysql_query($verify_email,$lnk); 
if (!$result_verify_email){ 
    echo 'Database error'; 
} 
if (mysql_fetch_assoc($result_verify_email) == 0){ 
    $activationCode = md5(uniqid(rand(),true)); 
    $insert_users = "INSERT INTO members VALUES ('','".$username."','".$email."','".$password."','".$activationCode."',0)"; 
    $result_insert_users = mysql_query($insert_users,$lnk); 
     if(!$result_insert_users){ 
     echo 'Database error'; 
     } 
     if(mysql_affected_rows($lnk) == 1){ 
     $message = 'To activate your account, please click on this link:\n\n";'; 
     $message .= WEBSITE_URL . '/index.php?    page=activation&action=activation&key='.$activationCode; 
     mail(
       $email, 
       'Registration Confirmation', 
       $message, 
       'FROM:' . EMAIL 
      ); 
     echo 'A confirmation email has been sent to ' . $Email . ' Please click on the Activation Link'; 
    }else { 
     echo 'You could not be registered'; 
     } 
    }else { 
     echo 'That email address has already been registered.</div>'; 
    } 

和登錄

if ($_GET['action'] == 'login') { 
     $error = array(); 
     if (empty($_POST['username'])) { 
      $error[] = 'You forgot to enter your username '; 
     } else{ 
      $username = $_POST['username']; 
      } 
     if (empty($_POST['password'])) { 
      $error[] = 'Please Enter Your Password '; 
     } else { 
      $password = md5($_POST['password']); 

     } 

      $check_credentials = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."' AND flag = '1' "; 
      $result_check_credentials = mysql_query($check_credentials,$lnk); 
      $user_check_credentials = mysql_fetch_assoc($result_check_credentials); 

      if(!empty($user_check_credentials)){ 
       $_SESSION['Auth'] = $user_check_credentials['username']; 
       header('location:index.php?page=home'); 
      }else{ 
       $message = '<img src="css/photos/zzzdoop.png"> '; 
       $_SESSION['Auth'] = false; 
      } 

    } elseif ($_GET['action'] == 'logout') { 
     $_SESSION['Auth'] = false; 
    } 
+0

意見建議:不要複製所有代碼,將其保留到需要修復的區域(易於理解的答案)。另外,不要支持使用'MySQL_ *'功能 – UnholyRanger 2013-03-13 13:03:46

+0

謝謝!我做了這2個改變,但它仍然不起作用。 – 2013-03-13 13:12:47

+0

請打印此查詢和「SELECT * FROM members WHERE username ='」。$ username。「'AND password ='」。$ password。「'AND flag ='1'」;並在phpmyadmin中執行並查看結果 – 2013-03-13 13:25:36

0

我猜的錯誤使用是在這裏:

動作=登錄

if (empty($_POST['password'])) { 
    $error[] = 'Please Enter Your Password '; 
} else { 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); // HERE 
} 

您已經只是改變了你的密碼int o什麼東西是完全隨機的,然後你試圖在數據庫中尋找它......

0

編程的關鍵是理解你在做什麼以及知道什麼是錯誤的方法。這是關於解決問題的一切。正如你可以在你的代碼中看到:(動作=登錄)

else { 
    $password = $_POST['password']; 
    $password = md5(uniqid(rand(),true)); 
} 

您生成每次隨機密碼,而不是散列時提供的密碼。然後您繼續檢查它是否與用戶存在。你需要使它像你的註冊方法:

$password = md5($_POST['password']); 

你有另外一個問題是在查詢中檢查有效的用戶。您的flag字段是int,但您將其視爲字符串。

AND flag = '1' "; 

必須

AND flag = 1 "; 

注意:不要使用MySQL_ *它已被棄用的PHP 5.5的。使用MySQLi_ *或PDO。您也對SQL注入開放,請小心。

+0

我做了更改,但問題仍未解決!感謝您的建議,我會閱讀關於SQL注入。 – 2013-03-13 13:14:14

+0

剛剛更新的答案 – UnholyRanger 2013-03-13 13:16:53

+0

對於注入信息查看[Bobby-Tables](http://www.bobby-tables.com/) – UnholyRanger 2013-03-13 13:19:35