用php登录用户名或电子邮件地址

时间:2012-05-02 17:56:51

标签: php mysql

我正在尝试使用用户名或电子邮件创建登录信息

我的代码是:

$username=$_REQUEST['login'];
$email=$_REQUEST['login'];
$password=$_REQUEST['password'];

if($username && $password) {
  $query="select * from  user_db where username='$username'  and password='$password'";
} else if ($email && $password) {
  $query="select * from  user_db where email='$email' and password='$password'";
}

使用用户名登录成功,但使用电子邮件登录无效。请帮帮我!

8 个答案:

答案 0 :(得分:24)

电子邮件和用户名的登录参数相同。如果您有一个接受任何一个的登录框,则不完全错误。

如果你不确定它是电子邮件还是用户名,你可以将条件放在查询中。

$login=$_REQUEST['login'];
$query = "select * from  user_db where ( username='$login' OR email = '$login') and password='$password'"

修改 现在更加优选类似PDO的解决方案,因为上述内容受SQL注入。逻辑保持不变,但你看起来像这样:

$query = "
    SET @username = :username
    SELECT * FROM user_db
       WHERE ( username = @username OR email = @username) 
       AND password = :password
";

$statement = $pdoObject->prepare($query);
$statement->bindValue(":username", $login, PDO::PARAM_STR);
$statement->bindValue(":password", $password, PDO::PARAM_STR);
$statement->execute();

答案 1 :(得分:2)

您将相同的值设置为两个变量,然后使用if / else。两个if语句都是等价的。

您需要确定$_REQUEST[login]是否包含有效的电子邮件地址,如果是,请使用数据库的电子邮件字段。否则,请使用用户名字段。

此外,您不应将变量直接放入查询中。使用准备好的陈述。

答案 2 :(得分:0)

$username=$_REQUEST['login'];
$email=$_REQUEST['login'];

这是错误的,您使用$_REQUEST['login']作为电子邮件和用户名。你为什么不用电子邮件?

如果$_REQUEST['login']没有电子邮件地址,当然这不会给你任何回报。

此外,除非字段为空,否则两个if语句将始终执行。正确?

退出登录,强制用户使用电子邮件地址登录。另外,取密码的md5。谁存储了原始密码?

答案 3 :(得分:0)

if (validate_username($username)) {
  $query="select * from  user_db where username='".$username".' and password='".validate_password($password)."'";
} else if (validate_email($email)) {
  $query="select * from  user_db where email='".$email."' and password='".validate_password($password)."'";
}

答案 4 :(得分:0)

我知道这是一个老帖子,但我发现有些人仍然会查看它,所以我想提一个简单的方法来允许同一输入的电子邮件和用户名

我的代码如下

  if
   (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) )
  {
     $un_check = mysql_query("SELECT uname FROM eusers WHERE uname = '' ") or die(mysql_error());

     echo "loging in with username"; //code
  }
  elseif
   (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) )
  {
     $un_check = mysql_query("SELECT umail FROM eusers WHERE umail = '' ") or die(mysql_error());

     echo "loging in with email"; //code

  }

答案 5 :(得分:0)

<?php
 require "connectdb.php";

$email =$_POST["email"];
$mobile =  $_POST["mobile"];
$password =$_POST["password"];

//Test variables
//$email = "admin@xyz.com";
//$mobile = "9876543210";
//$password ="@!b7885a$";

 $sql_query = "SELECT email FROM RegisterUser WHERE `email` LIKE '$email' OR `mobile` LIKE '$mobile' AND `password` LIKE '$password';";

 $result = mysqli_query($con,$sql_query);
 if(mysqli_num_rows($result) > 0 )
 {
 $row = mysqli_fetch_assoc($result);
 $email = $row["email"];
 echo "Login Successful...Welcome ".$email;
 }
 else
 {
 echo "Login Failed...Incorrect Email or Password...!";
 }
 ?>

答案 6 :(得分:0)

  

嗨,对我来说,是这样的:

     

if ( !isset($_POST['emailuser'], $_POST['userPass']) ) {
    // Could not get the data that should have been sent.
    die ('Please fill both the username and password field!');
}
$emailuser = ($_POST['emailuser']);
$emailuser = trim($emailuser);

    if ($stmt = $con->prepare('SELECT userEmail or userName, userPass FROM users WHERE userEmail = ? or userName = ?')) {
   // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
   $stmt->bind_param('ss', $emailuser, $emailuser);
   $stmt->execute();
   // Store the result so we can check if the account exists in the database.
   $stmt->store_result();

   if ($stmt->num_rows > 0) {
       $stmt->bind_result($userName, $userPass);
       $stmt->fetch();
       // Account exists, now we verify the password.
       // Note: remember to use password_hash in your registration file to store the hashed passwords.
       if (password_verify($_POST['userPass'], $userPass)) {
           // Verification success! User has loggedin!
           // Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
           session_regenerate_id();
           $_SESSION['loggedin'] = true;
           $_SESSION['name'] = $emailuser;
           $_SESSION['emailuser'] = $userName;
           header('location: /menu.php');
       } else {
           echo 'Incorrect password!';
       }
   } else {
       echo 'Incorrect username!';
   }
   $stmt->close();    } ?>

答案 7 :(得分:-1)

$username=$_REQUEST['username'];//I'm assuming your code here was wrong
$email=$_REQUEST['email'];//and that you have three different fields in your form 
$password=$_REQUEST['password'];

if (validate_username($username)) {
  $query="select * from  user_db where username='".$username".' and password='".validate_password($password)."'";
} else if (validate_email($email)) {
  $query="select * from  user_db where email='".$email."' and password='".validate_password($password)."'";
}

//... elsewhere...

function validate_username(&$username) {
  if (strlen($username) <= 1) { return false; }
  //return false for other situations
    //Does the username have invalid characters?
    //Is the username a sql injection attack?
  //otherwise...
  return true;
}

function validate_email(&$email) {
  //same deal as with username
}

function validate_password(&$password) {
  //same deal as with username
}

注意,如果您只有两个字段(登录名和密码),那么电子邮件和用户名之间的区别就毫无意义。进一步请注意,您应该使用PHP PDO来构建和执行查询,以防止安全漏洞并使您的生活变得更轻松。

相关问题
最新问题