1. 首頁
  2. 問答
  3. 檢查電子郵件已經存在

檢查電子郵件已經存在

2016-09-15 139 views
-2

如何檢查電子郵件的數據庫已經存在,並拒絕註冊?檢查電子郵件已經存在

的MySQL是一個教我,我目前使用的MySQLi牆上。

這裏是我目前正在使用庫MySQLi的代碼:

<?php 
$cookie_name = "loggedin"; 

$servername = "localhost"; 
$username = "root"; 
$password = ""; 
$database = "scholarcaps"; 
$conn = mysqli_connect($servername, $username, $password, $database); 

if (!$conn) { 
    die("Database connection failed: ".mysqli_connect_error()); 
} 

if (isset($_POST['login'])) 
{ 
    $user = $_POST['username']; 
    $pass = $_POST['password']; 

    $phash = sha1(sha1($pass."salt")."salt"); 

    $sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';"; 

    $result = mysqli_query($conn, $sql); 
    $count = mysqli_num_rows($result); 

    if ($count == 1) 
    { 
     $cookie_value = $user; 
     setcookie($cookie_name, $cookie_value, time() + (180), "/"); 
     header("Location: personal.php"); 
    } 
    else 
    { 
     echo "Username or password is incorrect!"; 
    } 
} 
else if (isset($_POST['register'])) 
{ 
    $user = $_POST['username']; 
    $email = $_POST['email']; 
    $pass = $_POST['password']; 

    $phash = sha1(sha1($pass."salt")."salt"); 

    $sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');"; 

    $result = mysqli_query($conn, $sql); 
} 
?>

來源

2016-09-15 DingoDile

+0

做檢查查詢是否EMAILADDRESS已經存在。在你的代碼中實現這個查詢,你就完成了。 – Natrium

+0

是你的電子郵件地址=用戶名? – Ish

+0

你是否得到了這個答案? –

回答

1

儘管使用mysqli你的代碼仍然容易受到SQL注入,你直接在SQL語句中嵌入的變量 - 使用準備好的語句,避免討厭的驚喜。以下內容未經測試,但應顯示如何使用預準備語句。有散列密碼,更好的方式 - 如password_hashpassword_verify雖然這些現有不可在PHP版本5.5

$response=array(); 
$cookie_name='loggedin'; 


$dbhost = 'localhost'; 
$dbuser = 'root'; 
$dbpwd = ''; 
$dbname = 'scholarcaps'; 
$db = new mysqli($dbhost, $dbuser, $dbpwd, $dbname); 




if(isset($_POST['login'])) { 

    $user = $_POST['username']; 
    $pass = $_POST['password']; 
    $phash = sha1(sha1($pass . "salt") . "salt"); 

    $sql='select `username`, `password` from `users` where `username`=? and `password`=?'; 
    $stmt=$db->prepare($sql); 

    if($stmt){ 

     $stmt->bind_param('ss', $username, $phash); 
     $result=$stmt->execute(); 

     if(!$result) $response[]='Query failed'; 


     $stmt->store_result(); 
     $stmt->bind_result($name, $pwd); 
     $stmt->fetch(); 

     if($stmt->num_rows()==0) $response[]='No such user'; 
     else { 

      $stmt->free_result(); 
      $stmt->close(); 
      $db->close(); 

      setcookie($cookie_name, $user, time() + 180, "/"); 
      exit(header("Location: personal.php")); 
     } 


     $stmt->free_result(); 
     $stmt->close(); 
     $db->close(); 

     /* show errors */ 
     if(!empty($response)){ 
      echo '<ul><li>',implode('</li><li>',$response),'</li></ul>'; 
     } 
    } 

} elseif($_POST['register']){ 

    $user = $_POST['username']; 
    $email = $_POST['email']; 
    $pass = $_POST['password']; 
    $phash = sha1(sha1($pass . "salt") . "salt"); 



    /* Does the email address already exist? */ 

    $emailfound=false; 

    $sql='select `email` from `users` where `email`=?'; 
    $stmt=$db->prepare($sql); 
    if($stmt){ 

     $stmt->bind_param('s',$email); 
     $result=$stmt->execute(); 
     if($result){ 
      $stmt->store_result(); 
      $stmt->bind_result($emailfound); 
      $stmt->fetch(); 
      $stmt->free_result(); 
     } 
    } 

    if($emailfound){ 
     echo 'Sorry, that email address already exists in our database. Please try again with a different address.'; 
     $stmt->close(); 
     $db->close(); 

    } else { 

     /* the `id` should be automatically generated I assume - hence being omitted here */ 
     $sql='insert into `users` (`email`, `username`, `password`) values (?,?,?);'; 
     $stmt=$db->prepare($sql); 

     if($stmt){ 

      $stmt->bind_param('sss', $email, $username, $phash); 
      $result=$stmt->execute(); 

      $stmt->free_result(); 
      $stmt->close(); 
      $db->close(); 

      if($result) header('Location: login.php'); 
      else{ 
       /* failed to register the user */ 
      } 
     } 
    } 
}

來源

2016-09-15 06:38:05 RamRaider

+1

[passord_compat(https://github.com/ircmaxell/password_compat)由ircmaxell帶來的'password_ *'功能PHP> = 5.3.7 – Neat

+0

感謝的人,這是工作,並且是病研究其它散列技術。 – DingoDile

-1

試試這個, 添加此代碼後sha1

$result = mysql_query("select COUNT(id) from users where email='".$email."'"); 
$count = mysqli_num_rows($result); 
if($count > 0){ 
    echo "email exist"; 
}else 
{ 
    $sql = "INSERT INTO users (id, email, username, password) VALUES ('','$email', '$user', '$phash');"; 
    $result = mysqli_query($conn, $sql); 
}

來源

2016-09-15 06:18:07 Dave

0

我設置我的電子郵件列解決了這個問題具有獨特的屬性。註冊後提交你可以趕上mysqli_errno()。所以你會看到是否有重複的條目。

您將節省檢查查詢這個解決方案。

來源

2016-09-15 06:22:16

+1

實施此方法時,您需要考慮到所有關鍵違規都會觸發相同的錯誤代碼,並且沒有內置的堅固實用的方法來查明它是哪個關鍵字。如果有幾個候選人(這似乎是這種情況,因爲我認爲'用戶名'也必須是唯一的),您將不得不亂搞解析錯誤消息來提取密鑰名稱。 –

-1

如果你不想匹配的電子郵件,你只是想確保電子郵件地址存在,你能...

$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND email<>'';";

,或者指定一個最小長度...

$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash' AND LEN(email) > 0;";

來源

2016-09-15 06:38:56 sdexp

-1

使用這個PHP函數獲取記錄腠在DB NT

$count=mysqli_num_rows($result)

檢查後,大於0或不

來源

2016-09-15 07:20:57

相關問題

 相關問題