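<?php
// Email verification endpoint: marks the account registered under `email`
// as verified when the submitted `code` matches the code stored for it.

require "db_conn.php";
require "safe_sql.php";
// One option is to filter every database access through a single dedicated
// function; another is to do that filtering inside db_conn.

// Both parameters are required; stop without output when either is missing.
if (!isset($_REQUEST["code"]) || !isset($_REQUEST["email"])) {
    exit;
}

$code = $_REQUEST["code"];
$email = $_REQUEST["email"];

$verified = false;

// Request parameters can arrive as arrays ("code[]=x"), so only plain strings
// are accepted. The email is later concatenated into a double-quoted SQL
// literal, so any value carrying a quote, backslash or control character is
// refused before it reaches the database layer.
if (
    is_string($code)
    && is_string($email)
    && $code !== ''
    && !preg_match('/["\'\\\\\x00-\x1f]/', $email)
) {
    $user = db_query_user_by_email($email);

    // `??` yields null when no row was found or the column is missing,
    // instead of indexing into a non-array result.
    $expected = $user["verified_code"] ?? null;

    // An empty stored code must never verify an account, and hash_equals()
    // compares the secret in constant time instead of short-circuiting.
    if (is_string($expected) && $expected !== '' && hash_equals($expected, $code)) {
        $verified = true;
    }
}

if ($verified) {
    // NOTE(review): this statement is still assembled by concatenation because
    // execute_sql()'s interface is not visible from this file. The character
    // check above is a stop-gap; the durable fix is a prepared statement with
    // the email bound as a parameter inside db_conn / execute_sql.
    execute_sql('update user set is_verified=1 where email="' . $email . '";', 0);
    echo "success!";
} else {
    echo "<script language=\"javascript\">alert(\"Verify code wrong!\");history.back();</script>";
    exit;
}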
echo "<script language=\"javascript\">alert(\"Captcha wrong!\");history.back();</script>"; exit; } else { if (!preg_match_all($email_pattern, strtolower($email))) { echo "<script language=\"javascript\">alert(\"Your email is illegal!\");history.back();</script>"; exit; } else { if (!preg_match($uname_pattern, strtolower($uname))) { echo "<script language=\"javascript\">alert(\"Your name is illegal!\");history.back();</script>"; exit; } else { if (db_query_user_by_name($uname)) { echo "<script language=\"javascript\">alert(\"The name had been used!\");history.back();</script>"; exit; } else { if (db_query_user_by_email($email)) { echo "<script language=\"javascript\">alert(\"The email had been used!\");history.back();</script>"; exit; } else { $res = db_insert_user($uname, $passwd, $email, 0); //echo $res; if ($res > 0) { echo "<script language=\"javascript\">alert(\"Register success!\");</script>"; //这里要跳转到邮箱验证页面 } else { echo "<script language=\"javascript\">alert(\"Register failed!\");history.back();</script>"; } } } } }