<?php
require "db_conn.php";
require "safe_sql.php";
//一种是用一个单独的函数对于所有数据库访问进行过滤,或者在db_conn中进行过滤;
if (!isset($_REQUEST["code"]) || !isset($_REQUEST["email"])) {
exit;
}
$code = $_REQUEST["code"];
$email = $_REQUEST["email"];
if (db_query_user_by_email($email)["verified_code"] === $_REQUEST["code"]) {
execute_sql('update user set is_verified=1 where email="' . $email . '";', 0);
echo "success!";
} else {
echo "<script language=\"javascript\">alert(\"Verify code wrong!\");history.back();</script>";
exit;
}
echo "<script language=\"javascript\">alert(\"Captcha wrong!\");history.back();</script>";
exit;
} else {
if (!preg_match_all($email_pattern, strtolower($email))) {
echo "<script language=\"javascript\">alert(\"Your email is illegal!\");history.back();</script>";
exit;
} else {
if (!preg_match($uname_pattern, strtolower($uname))) {
echo "<script language=\"javascript\">alert(\"Your name is illegal!\");history.back();</script>";
exit;
} else {
if (db_query_user_by_name($uname)) {
echo "<script language=\"javascript\">alert(\"The name had been used!\");history.back();</script>";
exit;
} else {
if (db_query_user_by_email($email)) {
echo "<script language=\"javascript\">alert(\"The email had been used!\");history.back();</script>";
exit;
} else {
$res = db_insert_user($uname, $passwd, $email, 0);
//echo $res;
if ($res > 0) {
echo "<script language=\"javascript\">alert(\"Register success!\");</script>";
//这里要跳转到邮箱验证页面
} else {
echo "<script language=\"javascript\">alert(\"Register failed!\");history.back();</script>";
}
}
}
}
}
