所以我正在尝试为我的网站创建一个登录系统。 当我手动插入用户时,我可以正常登录,我的数据库也看到我已登录。 但是当我尝试注册新用户时,我会发送到“注册成功”页面。 虽然我插入的信息从未发送到我的数据库。
以下是代码:
连接:
<?php
include_once 'psl-config.php';
$mysqli = new mysqli (HOST, USER, PASSWORD, DATABASE);
?>
配置:
<?php
/**
* These are the database login details
*/
define("HOST", "localhost"); // The host you want to connect to.
define("USER", "username"); // The database username.
define("PASSWORD", "password"); // The database password.
define("DATABASE", "database"); // The database name.
define("CAN_REGISTER", "any");
define("DEFAULT_ROLE", "member");
define("SECURE", FALSE); // FOR DEVELOPMENT ONLY!!!!
?>
注册码:
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
} else {
$error_msg .= '<p class="error">Database error</p>';
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO members ($username, $email, $password,$salt) VALUES (?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
}
}
header('Location: ./register_success.php');
}
}
我不知道自己做错了什么,因为我遵循这个: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
答案 0 :(得分:0)
看一下教程,我没有注意到某些代码示例的结束?>
。在psl-config.php
和db_connect.php
上,您是否在文件末尾添加了?>
?如果没有,添加它们,看看是否有效。另外,在functions.php中,在include_once 'db_connect.php';
行下方添加include_once 'psl-config.php';
。这可能不是问题,但比抱歉更安全。希望这会有所帮助。
答案 1 :(得分:0)
您好试试这个:mysqli_connect()
而不是new mysqli()
代码如下:
$conn = mysqli_connect($DBServer, $DBUser, $DBPass, $DBName);
// check connection if connection success you would not get anything or else you will get
if (mysqli_connect_errno()) {
trigger_error('Database connection failed: ' . mysqli_connect_error(), SOME_ERROR);
}