duanhan5230 2018-04-20 21:42
浏览 110
已采纳

验证不适用于注册表

When I click the 'Sign Up' button, I want the page to be redirected to the server.php so it can run the validation (which is named reg_user).

But when the button is click, the page just refreshes to the same thing. None of the validation/error messages are shown.

Below is the code for my server.php where I have stated all the validations I want to happen: 

<?php
session_start();

// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array(); 

// connect to the database
$db = mysqli_connect('localhost', 'root', 'root', 'register');

// REGISTER USER
if (isset($_POST['reg_user'])) {
  // receive all input values from the form
  $name = mysqli_real_escape_string($db, $_POST['name']); 
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

  // form validation: ensure that the form is correctly filled ...
  // by adding (array_push()) corresponding error unto $errors array
  if (empty($name)) { array_push($errors, "Full name is required");  
  }
  if (empty($email)) { array_push($errors, "Email is required"); 
  }
  if (empty($username)) { array_push($errors, "Username is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if ($password_1 != $password_2) {
    array_push($errors, "The two passwords do not match");
  }

  // first check the database to make sure 
  // a user does not already exist with the same username and/or email
  $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
  $result = mysqli_query($db, $user_check_query);
  $user = mysqli_fetch_assoc($result);

  if ($user) { // if user exists
    if ($user['username'] === $username) {
      array_push($errors, "Username already exists");
    }

    if ($user['email'] === $email) {
      array_push($errors, "email already exists");
    }
  }

  // Finally, register user if there are no errors in the form
  if (count($errors) == 0) {
    $password = md5($password_1);//encrypt the password before saving in the database

    $query = "INSERT INTO users (name, email, username, password) 
              VALUES('$name', '$email', '$username', '$password')";
    mysqli_query($db, $query);
    $_SESSION['username'] = $username;
    $_SESSION['success'] = "You are now logged in";
    header('location: index.php');
  }
}

// ... 
// ... 

// LOGIN USER
if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
    array_push($errors, "Username is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = md5($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
      $_SESSION['username'] = $username;
      $_SESSION['success'] = "You are now logged in";
      header('location: index.php');
    }else {
        array_push($errors, "Wrong username/password combination");
    }
  }
}

?>

And below is the html page to register a user:

<?php include('server.php') ?>
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Register</title>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">  
    <link rel="stylesheet" type="text/css" href="css/util.css">
    <link rel="stylesheet" type="text/css" href="css/main.css">
</head>
<body style="background-color: #999999;">

    <div class="header">
    <div class="limiter">
        <div class="container-login100">
            <div class="login100-more" style="background-image: url('images/bg-01.jpg');"></div>

            <div class="wrap-login100 p-l-50 p-r-50 p-t-72 p-b-50">
                <form class="login100-form validate-form">
                    <span class="login100-form-title p-b-59">
                        Sign Up
                    </span>                   
                      <form method="post" action="register.php">
                      <?php include('errors.php'); ?>

                    <div class="wrap-input100 validate-input">
                        <span class="label-input100">Full Name</span>
                        <input class="input100" type="text" name="name" placeholder="Name...">
                        <span class="focus-input100"></span>
                    </div>
                    <!------------------------------------------->

                    <div class="wrap-input100 validate-input">
                        <span class="label-input100">Email</span>
                        <input class="input100" type="text" name="email" placeholder="Email addess...">
                        <span class="focus-input100"></span>
                    </div>
                    <!------------------------------------------->

                    <div class="wrap-input100 validate-input">
                        <span class="label-input100">Username</span>
                        <input class="input100" type="text" name="username" placeholder="Username...">
                        <span class="focus-input100"></span>
                    </div>
                    <!------------------------------------------->

                    <div class="wrap-input100 validate-input">
                        <span class="label-input100">Password</span>
                        <input class="input100" type="password" name="password_1" placeholder="*************">
                        <span class="focus-input100"></span>
                    </div>
                    <!------------------------------------------->

                    <div class="wrap-input100 validate-input">
                        <span class="label-input100">Repeat Password</span>
                        <input class="input100" type="password" name="password_2" placeholder="*************">
                        <span class="focus-input100"></span>
                    </div>
                    <!------------------------------------------->

                    <div class="flex-m w-full p-b-33">
                        <div class="contact100-form-checkbox">
                            <input class="input-checkbox100" id="ckb1" type="checkbox" name="remember-me">
                            <label class="label-checkbox100" for="ckb1">
                                <span class="txt1">
                                    I agree to the
                                    <a href="#" class="txt2 hov1">
                                        Terms of User
                                    </a>
                                </span>
                            </label>
                        </div>


                    </div>

                    <div class="container-login100-form-btn">
                        <div class="wrap-login100-form-btn">
                            <div class="login100-form-bgbtn" ></div>
                            <button type = "submit" class="login100-form-btn" name="reg_user">
                                Sign Up
                            </button>
                        </div>

                        <a href="register.php" class="dis-block txt3 hov1 p-r-30 p-t-10 p-b-10 p-l-30">
                            Sign in
                            <i class="fa fa-long-arrow-right m-l-5"></i>
                        </a>
                    </div>
                </form>

                </form>
            </div>

            </div>
        </div>
    </div>
    </body>
</html>
<!-- ===============================================================================================-->
    <!--<script src="vendor/jquery/jquery-3.2.1.min.js"></script>
<!--===============================================================================================-->
    <!--<script src="vendor/animsition/js/animsition.min.js"></script>
<!--===============================================================================================-->
    <!--<script src="vendor/bootstrap/js/popper.js"></script>
    <script src="vendor/bootstrap/js/bootstrap.min.js"></script>
<!--===============================================================================================-->
    <!--<script src="vendor/select2/select2.min.js"></script>-->
<!--===============================================================================================-->
    <!--<script src="vendor/daterangepicker/moment.min.js"></script>
    <script src="vendor/daterangepicker/daterangepicker.js"></script>
<!--===============================================================================================-->
    <!--<script src="vendor/countdowntime/countdowntime.js"></script>
<!--===============================================================================================-->
    <!--<script src="js/main.js"></script>
</body>
</html>

I am using mysql to create a database called 'register' that has a table called 'users' which has a name, username, email and password field.

Thanks in advance!

  • 写回答

2条回答 默认 最新

  • dongshuo1856 2018-04-20 21:46
    关注

    It is actually a good practice to use Post Requests on form submittion. This is usually a lot safer! Below is the change you need to make to your form tag, in order to make you redirect to server.php and send the data there with a Post request.

    Replace:

    <form class="login100-form validate-form">

    With:

    <form action="server.php" method="post" class="login100-form validate-form">

    From what I see you are sending name, email, username, password_1, password_2, reg_user as request parameters. It is a good idea to make some validations in your server.php file on the top of it.

    <?php
if(!isset($_POST['name']) or !isset($_POST['email']) or !isset($_POST['username']) 
or !isset($_POST['password_1']) or !isset($_POST['password_2']) or
 !isset($_POST['reg_user']) or $_SERVER['REQUEST_METHOD'] !== 'POST'){
    //redirect to an unauthorized page or something eg...
    header("Location: unauthorized.php");
    exit;
}

    That way you also allow acces to POST requests only.

    $_POST object has all the request data. 

    $username = $_POST['username'];
$email = $_POST['email'];
//ect...

    Regarding the SQL Injection RiggsFolly mentioned, you need to change your code a little bit to look like this:

    $stmt = $dbh->prepare("SELECT * FROM users WHERE username=? OR email=? LIMIT 1");
if ($stmt->execute(array($_POST['username'], $_POST['email']))) {
  while ($row = $stmt->fetch()) {
    print_r($row);
  }
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法