-1
你好我正在嘗試使我的註冊頁面檢查用戶名或電子郵件是否已被使用。但它只是通過代碼就像它不是他們的,並且在您將其標記爲Check if username already exists using PHP之前,我已經去了那裏,我試着修復它們,但是我沒有工作,所以在這一點上,我很無能,我試過了我所知道的每件事情!使用PHP檢查用戶名和電子郵件是否已經存在
HTML的註冊網頁
<?php
session_start();
include 'header.php';
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=username') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>Fill out username box!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=password') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>Fill out password box!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=first') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>Fill out First Name box!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=last') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>Fill out Last Name box!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=email') !== false) {
echo "<div class='transition' style=' transition-delay: 1s;box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>Fill out Email box!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=user_name_taken') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>This username is already in use!</div>";
}
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if (strpos($url, 'error=user_email_taken') !== false) {
echo "<div class='transition' style='height: 20px; background-color: #ff6b66; text-align: center; margin-top: 30px; margin-right: 40%; margin-left: 40%; border-radius: 20px; padding: 5px;'>This email is already in use!</div>";
}
if (isset($_SESSION['id']) !== true) {
header('Location: ../login.php');
}
?>
<html>
<head>
<title>Add Teacher</title>
<link rel="stylesheet" type="text/css" href="../assets/css/adduser.css">
</head>
<body>
<div class="loginbox">
<h1 class="longintitle" style="font-family: Tahoma;">Add Teacher</h1>
<form class="form" action="../includes/adduser.php" method="post" enctype="multipart/form-data">
<input autocomplete="off" placeholder="Username" name="username" type="text" >
<input autocomplete="off" placeholder="Password" name="password" type="password">
<input autocomplete="off" placeholder="First Name" name="first" type="text">
<input autocomplete="off" placeholder="Last Name" name="last" type="text">
<input autocomplete="off" placeholder="Email" name="email" type="email">
<input class="loginbutton" name="create" type="submit" value="Create">
</form>
<p>Students will be in beta copie THIS IS ALPHA</p>
</div>
</body>
</html>
PHP它
<?php
session_start();
include_once("../includes/db.php");
$id = $_POST['id'];
$username = $_POST['username'];
$password = $_POST['password'];
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
if (empty($username)) {
header('Location: ../teacher/adduser.php?error=username');
exit();
}
if (empty($password)) {
header('Location: ../teacher/adduser.php?error=password');
exit();
}
if (empty($first)) {
header('Location: ../teacher/adduser.php?error=first');
exit();
}
if (empty($last)) {
header('Location: ../teacher/adduser.php?error=last');
exit();
}
if (empty($email)) {
header('Location: ../teacher/adduser.php?error=email');
exit();
} else {
$sql = "SELECT * FROM user WHERE username='".$username."'";
$result = mysqli_query($conn, $sql);
$usernamecheck = mysql_num_rows($result);
if ($usernamecheck > 0) {
header('Location: ../teacher/adduser.php?error=user_name_taken');
exit();
}
$sql = "SELECT * FROM user WHERE email='$email'";
$result = mysqli_query($conn, $sql);
$emailtaken = mysql_num_rows($result);
if ($emailtaken > 0) {
header('Location: ../teacher/adduser.php?error=user_email_taken');
exit();
} else {
$sql = "INSERT INTO user (id, username, password, first, last, email) VALUES ('$id', '$username', '$password', '$first', '$last', '$email')";
$result = mysqli_query($conn, $sql);
header('Location: ../teacher/adduser.php');
}
}
?>
如果需要,但 「懷疑壽」 的db.php中
<?php
$conn = mysqli_connect("localhost", "dbuser", "dbpass", "dbmain");
if ([email protected]_connect("localhost", "dbuser", "dbpass", "dbmain")) {
echo "<div style=' box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); padding: 3px; background-color: red; height: 20px;'><h3 style='text-align: center;'>Cannot connect to database have the admin take a look!</h3></div>";
die(mysql_error());
}
else {
echo "<div style=' box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); padding: 3px; background-color: lightgreen; height: 20px;'><h3 style='text-align: center;'>Connected to database Successfully!</h3></div>";
}
?>
請幫助我不知道如何解決這個問題!如果你需要更多的信息,只需要問。
在此先感謝!
該代碼對sql注入攻擊廣泛開放。 – arkascha
You _never_將密碼存儲在數據庫中。決不。期。你存儲的是密碼的_hash_。然後,在認證時再次提交提交的密碼和_compare hashes_。這樣,即使您的系統被攻破,您也不會損害用戶的密碼。使用_good_哈希算法。關於該主題的許多優秀教程都存在。 – arkascha
*「之前,你把這個標記爲一個騙子」* - 它可能已經關閉了你發佈的內容,因爲你的評論不是一個騙局。他們沒有在這裏混合使用MySQL API,而是分別關閉。 –