осложнение регистрации php

Я создал систему регистрации для своего веб-сайта, но она не работает. Когда я нажимаю кнопку «Зарегистрироваться», он выводит меня на страницу процесса и дает мне оператор else, но информация поступает в базу данных, но дает мне инструкции else. Кроме того, когда информация поступает в базу данных, в нее входит более одного пользователя.

signup.php:

<html> <head> <link rel="stylesheet" type="text/css" href="css.css"> <title>Sign Up</title> </head> <body bgcolor="#E6E6FA"> <h2 style="text-align: right"><b style="font-size: 25px">Sign Up Below</b></h2> <form name="registration" method="post" action="process2.php"> <p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" /></p> <br></br> <p align="right"><input type="password" name="password" size="35" id="Password" placeholder="Password" /></p> <br></br> <p align="right"><input type="password" name="password2" size="35" id="Password2" placeholder="Confirm Password" /></p> <br></br> <p align="right"><input type="text" name="email" size="35" id="Email" placeholder="E-mail" /></p> <p align="right"><input type="submit" name="submit" value="submit"></p> </form> <h3 style="font-size: 20px"><a href="register.php">Go Back To Home Screen</a></h3> </body> </html> 

process2.php:

  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; mysqli_query($conn, $sql); } if($username > 0){ echo"This username is in use"; } else { } } ?> в  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; mysqli_query($conn, $sql); } if($username > 0){ echo"This username is in use"; } else { } } ?> 

Это предложение, и я уверен, что орел, смотрящий на Фред-ии, обнаружит ошибки в нем, но я считаю, что это полностью справится с ifs и elses

  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username_result if($username_result > 0){ $return_message = "This username is in use"; include("register.php"); exit; // exit; // or send them back to registration page } else { // it is not in use so put it in $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; if(mysqli_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully $return_message = "New user name and password created successfully."; echo $return_message; // stays on the same page }else{ $return_message = "Sorry there has been an error, please try again."; // and send them back to registration page include("register.php"); exit; } } }else{ $return_message = "The passwords do not match. Please re-enter them."; // and send them back to registration page include("register.php"); exit; } } ?> в  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username_result if($username_result > 0){ $return_message = "This username is in use"; include("register.php"); exit; // exit; // or send them back to registration page } else { // it is not in use so put it in $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; if(mysqli_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully $return_message = "New user name and password created successfully."; echo $return_message; // stays on the same page }else{ $return_message = "Sorry there has been an error, please try again."; // and send them back to registration page include("register.php"); exit; } } }else{ $return_message = "The passwords do not match. Please re-enter them."; // and send them back to registration page include("register.php"); exit; } } ?> в  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username_result if($username_result > 0){ $return_message = "This username is in use"; include("register.php"); exit; // exit; // or send them back to registration page } else { // it is not in use so put it in $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; if(mysqli_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully $return_message = "New user name and password created successfully."; echo $return_message; // stays on the same page }else{ $return_message = "Sorry there has been an error, please try again."; // and send them back to registration page include("register.php"); exit; } } }else{ $return_message = "The passwords do not match. Please re-enter them."; // and send them back to registration page include("register.php"); exit; } } ?> в  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username_result if($username_result > 0){ $return_message = "This username is in use"; include("register.php"); exit; // exit; // or send them back to registration page } else { // it is not in use so put it in $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; if(mysqli_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully $return_message = "New user name and password created successfully."; echo $return_message; // stays on the same page }else{ $return_message = "Sorry there has been an error, please try again."; // and send them back to registration page include("register.php"); exit; } } }else{ $return_message = "The passwords do not match. Please re-enter them."; // and send them back to registration page include("register.php"); exit; } } ?> в  <?php include("db.php"); if (isset($_POST['submit'])) { if ($_POST['password'] == $_POST['password2']) { $username = $_POST['username']; $pw = $_POST['password']; $pw2 = $_POST['password2']; $email = $_POST['email']; // validate and sanitize all of these inputs // and see that they are not blank at the same time // Do your MySql here to find the $username and // bring out result of find in $username_result if($username_result > 0){ $return_message = "This username is in use"; include("register.php"); exit; // exit; // or send them back to registration page } else { // it is not in use so put it in $pw = password_hash($pw, PASSWORD_BCRYPT, array('cost' => 10)); $pw2 = password_hash($pw2, PASSWORD_BCRYPT, array('cost' => 8)); $sql = "INSERT into users VALUES(null, '$username', '$pw', '$pw2', '$email')"; if(mysqli_query($conn, $sql)){ // if insert checked as successful echo username and password saved successfully $return_message = "New user name and password created successfully."; echo $return_message; // stays on the same page }else{ $return_message = "Sorry there has been an error, please try again."; // and send them back to registration page include("register.php"); exit; } } }else{ $return_message = "The passwords do not match. Please re-enter them."; // and send them back to registration page include("register.php"); exit; } } ?> 

Не забудьте закрыть соединение и дезинформировать все, что было отправлено из вашей формы, прежде чем оно будет находиться рядом с вашей базой данных.

Возможно, было бы лучше оценить несоответствующие пароли на самой странице регистрации с помощью JavaScript, а не отправлять страницу для проверки.

Когда страница регистрации включена, вы можете поместить на нее ошибку и сохранить значения в текстовых полях, если хотите – чтобы они могли редактировать то, что они вставляли. Фиксирование длины может дать хакерам меньше свободы, чтобы представить гадости. Таким образом, вместо эхо-сообщения вы можете сделать это $return_message = и иметь эхо на странице регистрации сообщений. echo $return_message; поскольку значение по-прежнему доступно для страницы без необходимости повторной публикации, пока оно не будет исправлено и повторно отправлено пользователем.

  <p align="right"><input type="text" name="username" size="35" id="Username" placeholder="User Name" value="<?php echo $username;?>" maxlength="30" /></p>