注册/登录/表单激活链接

时间:2018-11-19 14:28:14

标签: php

因此,我一直在学习网络开发课程,并且在构建网站时,在创建注册/登录页面时开始遇到问题。当我在注册表中将值留空并单击“提交”时。我收到缺少“用户名,电子邮件,密码等”的错误。但是,它将空值存储在我的数据库中。另一个问题是,当我输入密码时,即使我输入正确的密码值,它也会提示我密码应该有多长时间,然后它不会提示我确认新密码,以便它们匹配。即使输入任何密码,它也会接受它,并且我会同时收到以下错误消息:密码至少应为8个字符长,大写字母为1等。但是我也会收到“成功”消息,说我收到了“激活链接” ”。当我单击激活链接时,它在数据库中说“已激活”,并表示是这样,但是当我尝试使用信息登录时,它说“用户名或密码错误”。

我对这一切都很陌生,但是我找不到解决方案。

这是我在寄存器中的代码

<!--Start a session-->
<?php
session_start();


//here we are connecting to db by linking the file to connection.php
include('connections.php');

//Check user inputs
//    Define error message

$missingUsername = '<p><strong>Please enter the username!</strong></p>';
$missingEmail = '<p><strong>Please enter your email!</strong></p>';
$invalidEmail = '<p><strong>Please enter a valid email</strong></p>';
$missingPassword = '<p><strong>Please enter a password!</strong></p>';
$invalidPassword = '<p><strong>Your password should be at least 8 characters long and include one capital letter and one number!</strong></p>';
$differentPassword2 = '<p><strong>The passwords don\'t match!</strong></p>';
$missingPassword2 = '<p><strong>Please enter password again</strong></p>';


//Get username, email, password, passwowrd2

//GET USERNAME
if(empty($_POST["username"])){

    $errors .= $missingUsername;

}else{
    $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
}

//GET EMAIL
if(empty($_POST["email"])){

$errors .= $missingEmail;

}else{
    $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);

//    VALIDATING EMAIL if email invalid
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){

    $errors .= $invalidEmail;
}    

}
//GET PASSWORDs

if(empty($_POST["password"])){

    $errors .= $missingPassword;

}elseif(!(strlen($_POST["password"])>8 
         and preg_match('/[A-Z]/',$_POST["password"])
         and preg_match('/[0-9]/',$_POST["password"]))){

    $errors .= $invalidPassword;

}else{
        $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);

//IF SECOND PASSWORD MISSING 

    if(empty($_POST["password2"])){

    $errors .= $missingPassword2;
}else{
    $password2 = filter_var($_POST["password2"], FILTER_SANITIZE_STRING);

        if($password !== $password2){

        $errors .= $differentPassword;
    }
  }
}

//IF THERE ARE ANY ERRROR    PRINT ERRORS

if($errors){
    $resultMessage = '<div class="alert alert-danger">' . $errors . '</div>';
    echo $resultMessage;
}

//IF THERE ARE NO ERRORS

$username = mysqli_real_escape_string($link,$username);

$email = mysqli_real_escape_string($link,$email);

$password = mysqli_real_escape_string($link,$password);

//hashing password

//$_Password = md5($_Password);
$password = hash('sha256',$password);
//128 bits -> 32 characters
//256 bits ->64 characters

//IF *USERNAME* EXISTS IN THE USERS TABLE PRINT ERROR


$sql = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($link, $sql);
if(!$result){
    echo '<div class="alert alert-danger">Error running the query!</div>';

    //echo '<div class="alert alert-danger">'. mysqli_error($link).'</div>';

    exit;
}
$results = mysqli_num_rows($result);
if($results){
    echo '<div class="alert alert-danger">That username is already registered. Do you want to log in?</div>';

    exit;
}

//IF THE *EMAIL* exists in the users table print error    

  $sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($link, $sql);
if(!$result){
    echo '<div class="alert alert-danger">Error running the query!</div>';

    exit;
}
$results = mysqli_num_rows($result);
if($results){
    echo '<div class="alert alert-danger">That email is already registered. Do you want to login?</div>';

    exit;
}

//CREATE A UNIQUE ACTIVATION CODE

$activationKey =
 bin2hex(openssl_random_pseudo_bytes(16));
//     bytes:unit of data = 8 bits
//     bit: 0 or 1
//     16 bytes = 16 * 8= 128 bits
//     (2*2*2*2)*2*2*2*2...*2
//     16*16*...*16
//     32 characters

//INSERT USER DETAILS AND ACTIVATION CODE IN THE USERS TABLE

 $sql = "INSERT INTO users (username, email, password, activation) VALUES ('$username', '$email', '$password', '$activationKey')";   

 $result =  mysqli_query($link, $sql);

 if(!$result){
     echo '<div class="alert alert-danger">There was an error inserting users detail in the database!</div>';

     exit;
 }   

 //SEND THE USER AN EMAIL WITH A LINK TO ACTIVATE.PHP WITH THEIR EMAIL AND ACTIVATION CODE
$message = "Please click on this link to activate your account:\n\n";
$message .= "" . urlencode($email) . "&key=$activationKey";

if(mail($email, 'Confirm your registration', $message, 'From:'.'muharem22@gmail.com')){

    echo "<div class='alert alert-success'>Thank you for registering! A confirmation email has been sent to $email. Please click on the activation link to activate your account!</div>";
}

?>

Here is a screen shot of my register form

感谢您的任何建议/建议

1 个答案:

答案 0 :(得分:0)

数据库中空条目的问题是因为发现任何错误后代码不会停止。

发现任何错误时,您必须添加出口。

if($errors)
{
    $resultMessage = '<div class="alert alert-danger">' . $errors . '</div>';
    echo $resultMessage;
    exit;
}
相关问题
最新问题