-9

私はPHPを初めて使用し、ログイン/登録領域を作成しました。すべてが非常にうまく機能していますが、私には1つ問題があります。ユーザーが正常に登録されると、ログインの詳細が記載された自動メールが送信されます:ユーザー名=Xおよびパスワード=Y。ユーザー名を除くすべてがメッセージに表示されます。メッセージ内のmysqlデータベースからその情報(=データ)を取得するにはどうすればよいですか?

完全なコードは次のとおりです。

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session
}


if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();

header("Location: default.php");
exit;
}

if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';

if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];

// Escaping all input data

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

if($row['usr'])
{
// If everything is OK login

$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];

// Store some data in the session

setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}

if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: default.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted

$err = array();

if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}

if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}

if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}

if(!count($err))
{
// If there are no errors

$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password

$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
// Escape the input data


mysql_query("   INSERT INTO tz_members(usr,pass,email,regIP,dt)
VALUES(

'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()

)");

//The message
$message =
"Hello, \n
Thank you for registering with us. \n
Here are your login details: \n

Username: ??? <--this is where I want the code for getting username \n
Password: $pass \n

Thank You

Administrator
www.***.com
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";

if(mysql_affected_rows($link)==1)
{
send_mail(  'admin@***.com',
$_POST['email'],
'Registration System - Your New Password',
$message);

$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}

if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}   

header("Location: default.php");
exit;
}

どうもありがとう。

4

1 に答える 1

1

データベースにアクセスする方法が明確でない場合でも、最も簡単な方法は、selectステートメントを使用して必要な情報をクエリすることです。

//use a prepare statement for added security, and to prevent sql injection
if ($select_stmt = $mysqli->prepare("SELECT username, password FROM users WHERE email = ?")) 
{
  $select_stmt->bind_param("s", $email); //this is the email from our user
  $select_stmt->execute();
  $select_stmt->store_result();

  //if the query yield any result (thats to say the email is from a valid user)
  if ($select_stmt->num_rows() > 0) 
  {
     $select_stmt->bind_result($username,$password);
     $select_stmt->fetch();
  }
}

これで、変数に格納されているデータベースの値を次のように使用できます。

$message = "Hello, \n Thank you for registering with us. \n Here are your login details: \n

Username:  $username \n
Password: $password \n

Thank You

Administrator
www.***.com
_____________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";

これがあなたが探しているものであり、この旅でさらに学ぶことができることを願っています。

編集

さて、完全なコードを投稿したので、次のようにするだけでさらに簡単になります。

$username = $_POST['username'];
$message = "Hello, \n Thank you for registering with us. \n Here are your login details: \n

Username:  $username \n
Password: $password \n

Thank You

Administrator
www.***.com
_____________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";
于 2012-09-22T07:09:10.460 に答える