登録ページを取得しましたが、送信ボタンが押されたときに、必要なチェックが実行されません。代わりに、何らかの奇妙な理由でそれらをすべて見逃して、エラー テキストのないページを返します。
<?php
require "PasswordHash.php";
require "header.php";
require "globe.php";
echo "<body>
<div class='container'>";
echo "<div class='centered'>
<ul id='nav'>
<li><a href='login.php'>Home </a></li>
<li><a href='register.php'>Register</a></li>
<li><a href='forgotpassword.php'>Forgot Password</a></li>
<li><a href='contact.php'>Contact</a></li>
<li><a href='t&c.php'>Terms and Conditions</a></li>
</ul>";
echo"
<img src='banner1.jpg' width='800px' height='200px' />
<div class='regban'>
<img src='outsideimage/registertop.png' width='800px' height='40px' />
</div>
<div class='registertext'>
Registiring to Zone Wars allows you to be that one step closer to being part of our fantastic community! Simply register for free and with our quick registration form you will be playing very soon! <br />
<font color='red'><i>Please note registration is not currently taking place due to large maintenance. We are sorry for any inconvenience this may have caused. </i></font>";
$regsec = htmlentities($_SERVER['PHP_SELF']);
if (isset($_POST['register']))
{
$user = trim($_POST['user']);
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$email = trim($_POST['email']);
$email2 = $_POST['email2'];
$gender = $_POST['gender'];
$error_string = '';
require_once('recaptchalib.php');
$privatekey = "HIDDEN AS ITS PRIVATE";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
$hasher = new PasswordHash(8, false);
$hash_cost_log2 = 8;
$hash_portable = FALSE;
$hasher = new PasswordHash($hash_cost_log2, $hash_portable);
function isValidEmail($email = '')
{
return preg_match("/^[\d\w\/+!=#|$?%{^&}*`'~-][\d\w\/\.+!=#|$?%{^&}*`'~-]*@[A-Z0-9][A-Z0-9.-]{1,61}[A-Z0-9]\.[A-Z]{2,6}$/ix",$email);
}
$userrow = mysqli_query($mysqli, "SELECT * FROM Persons WHERE username = '" . mysqli_real_escape_string($mysqli, $user) . "'");
$row_cnt = mysqli_num_rows($userrow);
$emailrow = mysqli_query($mysqli, "SELECT * FROM Persons WHERE email = '" . mysqli_real_escape_string($mysqli, $email) . "'");
$row_cnt1 = mysqli_num_rows($emailrow);
if (!$resp->is_valid) {
$error_string .= '<center>The reCAPTCHA wasnt entered correctly. Go back and try it again.</center><br />';
}
else if ($user == '') {
$error_string .= '<center>You left the Username field blank!.</center><br />';
}
else if (strlen($user) < 4) {
$error_string .= '<center>Your Username must be at least 4 characters long.</center><br />';
}
else if (strlen($user) > 8) {
$error_string .= '<center>You Username cannot be longer then 8 characters.</center><br />';
}
else if ( !preg_match("/^[a-z]+[\w.-]*$/i", $user) ) {
$error_string .='<center>Your username may only contain letters, numbers, dots, underscores, hyphen and start with a letter</center>';
}
else if ($row_cnt != 0) {
$error_string .= '<center>Your Username exists</center><br />';
}
else if ($pass1 == '')
{
$error_string .='<center>You left the password field blank.<br /></center>';
}
else if ($pass2 == '') {
$error_string .='<center>You left the confirmation password blank<br /></center>';
}
else if ($pass1 != $pass2) {
$error_string .='<center>Your password and confirmation password do not match<br /></center>';
}
else if(strlen($pass1) > 72) {
$error_string .='<center>Your password cannot be longer then 72 characters<br /></center>';
}
else if ($email == '') {
$error_string .='<center>You left the email field blank!.<br /></center>';
}
else if ($email != $email2) {
$error_string .='<center>Your email and confirmation email did not match.<br /></center>';
}
else if (!isValidEmail($email)) {
$error_string .= '<center>Please enter a valid email address.<br></center>';
}
else if ($row_cnt1 != 0) {
$error_string .= '<center>Your email address exists</center><br />';
}
else {
if ($error_string != '') {
echo "<font color=red> '$error_string' </font><br /><center> Please go back and fix the errors <a href=register.php>here</a></center>";
}
else {
$hash = $hasher->HashPassword($pass1);
get_post_var($user);
get_post_var($email);
$euser = mysqli_real_escape_string($mysqli, $user);
$eemail = mysqli_real_escape_string($mysqli, $email);
if (strlen($hash) >= 20) {
mysqli_query($mysqli, "INSERT INTO Persons (Username, Password, Email, Gender) VALUES ('$euser', '$hash', '$eemail', '$gender')");
echo "You have signed up to the game! Please login <a href='login.php'here</a>. ";
}
else
{
echo "<center>A fatal error occured. Please contact the Admin board</center><br />";
}
}
}
}
else
{
echo "
<form action='$regsec' method='POST'>
<table align='center' border='0'>
<tr><td align='right'>Username:</td><td><input type='text' name='user' /></td></tr>
<tr><td align='right'>Password:</td><td><input type='password' name='pass1' /></td></tr>
<tr><td align='right'>Confirm Password:</td><td><input type='password' name='pass2' /></td></tr>
<tr><td align='right'>Email Address:</td><td><input type='text' name='email' /></td></tr>
<tr><td align='right'>Confirm Email Address:</td><td><input type='text' name='email2' /></td></tr>
<tr><td align='right'>Gender:</td><td><select name='gender'><option value='Male'>Male</option><option value='Female'>Female</option></select></td></tr>
<tr><td colspan='2'><center>";
require_once('recaptchalib.php');
$publickey = "HIDDEN AS ITS PRIVATE"; // you got this from the signup page
echo recaptcha_get_html($publickey);
echo "</center></td><td></td></tr>
<tr><td colspan='2'><center>By registring you have read and agreed our <a href='t&c.php'>Terms and Conditions</a></center></td><td></td></tr>
<tr><td colspan='2'><center><input type='submit' name='register' value='register'></center></td><td></td></tr>
</table></form>";
}
echo "</div>
<img src='outsideimage/registerbott.png' width='800px' height='20px' />
</div>";
echo " <br />
<div class='image'>
<img alt='' src='outsideimage/bottom.png' />
<div class='text'>
<small>Copyright © 2012 All Rights Reserved.</small>
</div>
<div class='text1'>
<small>";
date_default_timezone_set('Europe/London');
echo date('l jS \of F Y h:i:s A');
echo "</small>
</div>
</div>
</body>";
?>