2013-06-11 153 views
-1

我有一個基本的註冊系統。代碼如下。無法註冊用戶。 connect.php網站工作...登錄部分工作,如果我手動添加信息到數據庫。我不斷收到我設置的錯誤消息,請參閱以下內容......「發生錯誤,您的帳戶未創建。」PHP註冊系統用戶信息未被存儲在mysql中

<?php 

if ($_POST['registerbtn']){ 

    $getuser = $_POST['user']; 
    $getemail = $_POST['email']; 
    $getpass = $_POST['pass']; 
    $getretypepass = $_POST['retypepass']; 

    if ($getuser){ 

     if ($getemail){ 

      if ($getpass){ 
       if ($getretypepass){ 
        if ($getpass === $getretypepass){ 
         if((strlen($getemail) >= 7) && (strstr($getemail,"@")) && (strstr($getemail,"."))){ 

          require("./connect.php"); 

          $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
          $numrows = mysql_num_rows($query); 
           if ($numrows == 0){ 
            $query = mysql_query("SELECT * FROM users WHERE email='$getemail'"); 
            $numrows = mysql_num_rows($query); 
             if ($numrows == 0){ 
              $password = md5(md5("18sde#@!".$password."@1kwe#28")); 
              $date = date("F d, Y"); 
              $code = md5(rand()); 

              mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')"); 



              $query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
              $numrows = mysql_num_rows($query); 
              if ($numrows == 1){ 

               $site = "http://localhost/test"; 
               $webmaster = "[email protected]"; 
               $headers = "From: $webmaster"; 
               $subject = "Activate your account"; 
               $message = "Thanks for registering. Click the link below to active your account."; 
               $message .= "$site/activate.php?user=$getuser&code=$code"; 
               $message .= "You must activate your account to login."; 

               if (mail($getemail, $subject, $message, $headers)){ 

                $errormsg = "You have been registered. You must activate your account using your email $getemail"; 
                $getusr = ""; 
                $getemail = ""; 

               } 
               else 
                $errormsg = "An error has occurred. Your activation email was not sent."; 
              } 
              else 
               $errormsg = "An error has occurred. Your account was not created."; 

             } 
             else 
              $errormsg ="There is already a email with that email."; 
            } 
            else 
             $errormsg ="There is already a user with that username."; 

            mysql_close(); 
         } 
         else 
          $errormsg = "You must enter a valid email address to register."; 
        } 
        else 
         $errormsg = "Your passwords did not match"; 
       } 
       else 
        $errormsg = "You must retype your password to register."; 


      } 
       else 
        $errormsg = "You must enter your password to register."; 


     } 
     else 
      $errormsg = "You must enter your email to register."; 


    } 
    else 
     $errormsg = "You must enter your username to register."; 

} 




$form = "<form action='./register.php' method='post'> 
<table> 
<tr> 
    <td></td> 
    <td><font color='red'>$errormsg</font></td> 
</tr> 
<tr> 
    <td>Username:</td> 
    <td><input type='text' name='user' value'$getuser' /></td> 
</tr> 
<tr> 
    <td>Email:</td> 
    <td><input type='text' name='email' value'$getemail' /></td> 
</tr> 
<tr> 
    <td>Password:</td> 
    <td><input type='password' name='pass' value'' /></td> 
</tr> 
<tr> 
    <td>Retype Password:</td> 
    <td><input type='password' name='retypepass' value'' /></td> 
</tr> 
<tr> 
    <td></td> 
    <td><input type='submit' name='registerbtn' value'Register' /></td> 
</tr> 
</table> 
</form>"; 

echo $form; 

?> 
+3

請嘗試去掉你的示例代碼到相關部分 - 現在看起來你正在將代碼傾倒在這裏讓其他人爲你調試它,這不在本站的範圍之內。 –

+0

永遠不要認爲'mysql_query()'成功。總是檢查結果(你可以使用'mysql_error()'來確定錯誤,如果沒有錯誤,你的'SELECT'查詢就不會返回行。 –

回答

0

不是解決辦法,但一些解決方法,使您的代碼更簡單,更好:

  1. 不要使用mysql_功能,使用mysqliPDO。 mysql_已被棄用。

  2. 不要單獨驗證輸入(添加大量必要條件和嵌套)。像這樣的更簡單:

    $ createUser = true;

    if(!$ getuser){$ errorMsg ='Your error msg'; $ createUser = false; } if(!$ getemail){$ errorMsg ='Your error msg'; $ createUser = false;如果(!$ getpass){$ errorMsg ='Your error msg';} $ createUser = false; }

    如果($的createUser){ ...創建用戶... }

  3. real_escape_string(找對的mysqli和PDO實現)

  4. 最後淨化你的投入,添一些調試。例如,使用INSERT查詢創建一個$sql var,並使用echo創建var,以查看查詢是否正確形成。

+1

你應該單獨驗證輸入,所以你可以顯示每個錯誤一次不只是一次錯誤 – Jessica

+0

你有一個點,我重新配製:) –

+0

你的例子仍然只會顯示一個錯誤消息。你應該使用一個數組來保存錯誤。這樣你就可以一次顯示所有的問題。 – Jessica

1

你正在做的INSERTuser -

mysql_query("INSERT INTO user VALUES ('', '$getuser', '$password', '$getemail', '0', '$code', '$date')"); 
         ---- 

users

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'"); 
            ----- 

做你SELECT所以你永遠不會INSERT插入一行供以後選擇。

注意:您已開放SQL注入。至少可以淨化你的$_POST數據。或者移至mysqli_PDO並使用準備好的語句。