如何防止再次注册到系统中

时间:2013-07-29 06:18:10

标签: php login

我已经创建了一个注册表单,我想阻止同一个用户一次又一次地注册到系统。这是我的代码,请帮我解决这个问题。在初始注册时,只考虑用户名密码和电子邮件,在签署系统后,用户可以更新他们的信息,如姓名,性别,教育等:.... 

<?php
session_start();

include_once 'newFunctions.php';
include_once 'dbConnect.php';

// database connection
dbConnect(); 

$username = $_POST['username'];
$pw=md5($_POST['password']);
$email=$_POST['email'];

//check the term
if(isset($_POST['term'])){
    $is_checked = 1;
}else{
    $is_checked = 0;
}


$insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
    VALUES
    ( '{$username}','{$pw}','{$email}','default_image.jpg','{$is_checked}')";


$check=mysql_query($insert_data);

if($check=='true')
{

// session variables
$_SESSION['login'] = "1";
$_SESSION['username']=$username; 
$_SESSION['password']=$pw;

showAlert("You Have Successfully Registered ", "../tutor_panel_ui.php");

}

else{

echo "Invalid Login";

$_SESSION['login'] = '';
}

?>

2 个答案:

答案 0 :(得分:2)

 $insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
VALUES
( '{$username}','{$pw}','{$email}','default_image.jpg','{$is_checked}')";

运行查询以检查数据库中是否已存在电子邮件ID或/和用户名。

会是这样的

$query="SELECT userName (or/and) email FROM tutor WHERE email ='$email' (or/and) userName=$username ";

检查返回的结果是否为空或是否包含某些行。 如果它是空的继续注册用户,否则告诉用户他已经注册,他不能再次注册。

答案 1 :(得分:1)

我会做什么: 将教师列电子邮件和用户名设置为UNIQUE KEY。 然后我会对你的代码进行以下编辑:

<?php
session_start();

include_once 'newFunctions.php';
include_once 'dbConnect.php';

// database connection
dbConnect(); 

$username = $_POST['username'];
$pw=md5($_POST['password']);
$email=$_POST['email'];

//check the term
if(isset($_POST['term'])){
    $is_checked = 1;
}else{
    $is_checked = 0;
}


$insert_data="INSERT INTO tutor(userName, password, email, avatar, term)
    VALUES
    ( '".mysql_real_escape_string({$username})."','".mysql_real_escape_string({$pw})."','{".mysql_real_escape_string($email})."','default_image.jpg','{$is_checked}')";


$check=mysql_query($insert_data);

if($check=='true')
{

// session variables
$_SESSION['login'] = "1";
$_SESSION['username']=$username; 
$_SESSION['password']=$pw;

showAlert("You Have Successfully Registered ", "../tutor_panel_ui.php");
//showAlert is a javascript function - so unless you have defined it in your other files you'll need to do a different thing here.
}

else{

echo "Registration data invalid. Username and email must be unique. Are you already signed up and forgot your password? if so <a href='recoverpassword.php'>Recover your password</a>.";

$_SESSION['login'] = '';
}

?>

注意:我在那里调用mysql_real_escape_string()来避免可怕的致命SQL注入风险,但你应该考虑升级到PDO_或mysqli_而不是mysql_函数。

相关问题
最新问题