I try to create a random string with my function which works and the string become inserted in my table. After the submit of register.php the page activation.php follow and there should the user/ now I (because I didnt send him actually an email) input the generated string and if it works the page login.php follow. Now is my problem, that on the page activation.php the error "ERROR" show. That look like my if condition between the user input $code and the varialbe $result wont work, where is the mistake? Thanks for reading!
<?php require_once './auth.php'; ?>
<?php
//activation.php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="user2"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// upload picture
// Get values from form
if (isset($_POST['code'])) {
$code=$_POST['code'];
}
$username = ($_SESSION['user']['username']);
// Insert data into mysql
$result = mysql_query("SELECT code FROM user2 WHERE username = '$username'");
if (!$result) {
echo 'Konnte Abfrage nicht ausführen: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
if( $result == $_POST['code']){
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/socialad/login.php');
//$codedelete = mysqli_query("UPDATE user2 SET code='0' WHERE username = '$username'");
}
else {
echo "ERROR";
}
// close connection
mysql_close();
?>
<?php
session_start(); // auth.php
session_regenerate_id();
if (empty($_SESSION['login'])) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/login.php');
exit;
} else {
$username = ($_SESSION['user']['username']);
}
?>
<?php
//register.php
$message = array();
if (!empty($_POST)) {
if(isset($_POST['f']['country']) )
{
$country = $_POST['f']['country'];
}
function generateRandomString($length = 8) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
$randomString = generateRandomString();
if (
empty($_POST['f']['username']) ||
empty($_POST['f']['password']) ||
empty($_POST['f']['password_again']) ||
empty($_POST['f']['email']) ||
empty($_POST['f']['firstname']) ||
empty($_POST['f']['lastname']) ||
empty($_POST['f']['phone']) ||
empty($_POST['f']['town']) ||
empty($_POST['f']['street']) ||
empty($_POST['f']['zip'])
) {
$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
} else if ($_POST['f']['password'] != $_POST['f']['password_again']) {
$message['error'] = 'Die eingegebenen Passwörter stimmen nicht überein.';
} else {
unset($_POST['f']['password_again']);
$salt = '';
for ($i = 0; $i < 22; $i++) {
$salt .= substr('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', mt_rand(0, 63), 1);
}
$_POST['f']['password'] = crypt(
$_POST['f']['password'],
'$2a$10$' . $salt
);
$mysqli = @new mysqli('localhost', 'root', '', '');
if ($mysqli->connect_error) {
$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
}
$query = sprintf(
"INSERT INTO user2 (username, password, email, firstname, lastname, phone, town, street, zip, country, code)
SELECT * FROM (SELECT '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') as new_user
WHERE NOT EXISTS (
SELECT username FROM user2 WHERE username = '%s'
) LIMIT 1;",
$mysqli->real_escape_string($_POST['f']['username']),
$mysqli->real_escape_string($_POST['f']['password']),
$mysqli->real_escape_string($_POST['f']['email']),
$mysqli->real_escape_string($_POST['f']['firstname']),
$mysqli->real_escape_string($_POST['f']['lastname']),
$mysqli->real_escape_string($_POST['f']['phone']),
$mysqli->real_escape_string($_POST['f']['town']),
$mysqli->real_escape_string($_POST['f']['street']),
$mysqli->real_escape_string($_POST['f']['zip']),
$mysqli->real_escape_string($_POST['f']['country']),
$mysqli->real_escape_string($randomString),
$mysqli->real_escape_string($_POST['f']['username'])
);
$mysqli->query($query);
if ($mysqli->affected_rows == 1) {
$message['success'] = 'Neuer Benutzer (' . htmlspecialchars($_POST['f']['username']) . ') wurde angelegt, <a href="login.php">weiter zur Anmeldung</a>.';
header('Location: http://' . $_SERVER['HTTP_HOST'] . '//activation.php');
// $empfaenger = $_POST['f']['email'];
// $betreff = "Registration";
// $from = "From: Webmaster <webmaster@somediashout.de>";
// $text = "Thank you for your registration. Your code is : " + $randomString;
// mail($empfaenger, $betreff, $text, $from);
session_start();
$_SESSION = array(
'login' => true,
'user' => array(
'username' => $row['username']
)
);
} else {
}
$mysqli->close();
}
}
?>
Aucun commentaire:
Enregistrer un commentaire