php - 登录/注册 PHP 表单

Question

我的登录/注册表单遇到一些问题

基本上，当我注册(创建新用户)时，它会将我带到login.php脚本而不是注册脚本。

登录表单位于“header.php”页面中，因此它位于每个页面的顶部，包括注册表单。但不认为这会是一个问题吗？

登记表

<?php 
include("config.php");
include("header.php");
?>

<div id="contentwrap">

<form name="myuserform" method="POST" action="register.php" onsubmit="return validateForm();">
<tr class='alt'>
<td>email address: <td><input type="text" name="email"> 
<tr class='alt'>
<td>Password: <td><input type="password" name="password">
<tr class='alt'>
<td>Your name: <td><input type="text" name="username">
<tr class='alt'>
<td><input type="submit" name="adduser" value="Sign me up!"> 
</form> 

</div>

注册.php

<?php 


if (isset($_POST['adduser']))
{
    $error = "";

    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $password = mysqli_real_escape_string($connection, $_POST['password']);
    $md5_pass = md5($password);
    $email = mysqli_real_escape_string($connection, $_POST['email']);

    if (!isset($username) || empty($username) ||
        !isset($password) || empty($password) ||
        !isset($email) || empty($email))
    {
        $error = "All fields must be filled out";
    }
    else if (user_exists($connection, $username))
    {
        $error = "Username already registered";
    }
    else if (strlen($password) < 6)
    {
        $error = "Password must be at least 6 characters";
    }
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) // check if email looks valid
    {
        $error = "Please enter a valid email";
    }

    if ($error == "")
    {
        //$query = "INSERT INTO users (email, password, username) VALUES ('{$email}','{$md5_pass}','{$username}')";
        $query = "INSERT INTO users (username, password, email) VALUES ('{$username}','{$md5_pass}','{$email}')";
        $result = mysqli_query($connection, $query);

        if ($result)
            echo " <b>Registered successfully!</b><br/>Please return to the <a href='index.php'>index</a> to login.";

        else
            $error = "Unable to create new user";
    }

    if ($error != "") // redo error string check since the last block may have set it
    {
        echo "Error: {$error}. Please return to the previous page.";
    }

    exit();
}
?>

登录.php

<?php
include("config.php");

if (isset($_POST['username']) && !empty($_POST['username']) &&
    isset($_POST['password']) && !empty($_POST['password']))
{
    $username = mysqli_real_escape_string($connection, $_POST['username']);
    $password = md5($_POST['password']);

    $query = "SELECT * FROM users WHERE username='{$username}' AND password='{$password}'";
    $res = mysqli_query($connection, $query);
    if (mysqli_num_rows($res) >= 1)
    {
        $row = mysqli_fetch_array($res);
        if($row['rank'] == "banned")
        {
            echo "You have been banned from the site.";
            exit();
        }
        $_SESSION['uid'] = $row['userid'];
        $_SESSION['username'] = $row['username'];
        if($row['rank'] == "admin")
        $_SESSION['is_admin'] = true;

        header("Location: index.php");
        exit();
    }
    else
    {
        echo "Username/password invalid. Return to the <a href='index.php'> home </a>page";
        exit();
    }
}

echo "Something went wrong, try again"; <--- this is the result im getting
?>

这是登录表单(除了 header.php)

    <?php
if (!isset($_SESSION['uid']) || empty($_SESSION['uid']))
{
    echo "<form action='login.php' method='post'>
    Username: <input type='text' name='username' Placeholder='Username' style='width:100px;'/>&nbsp;
    Password: <input type='password' name='password' Placeholder='Password' style='width:100px;' />&nbsp;
    <input type='submit' name='submit' value='Log In' />";
    echo "<div id='freeman'>
    <a href='signup.php'> <img src='images/register.jpg' width='60px' height='60px' /> </a>
    </div>";
} else {
echo "You are logged is as {$_SESSION['username']} &bull; <a href='logout.php'>Logout</a>";
}
?>

Answer 1

当您 register 时出现的问题你没有打开session考虑user登录并为他获取一个 session 。

另一个问题是您没有检查您的 login脚本如果 user已经有 session这意味着他已经登录