编辑:现在我还有其他问题。它总是给我一个错误。正确的错误但仍然不应该。我的意思是,如果我输入电子邮件,它会写我“电子邮件或密码不正确”。如果我写名字,它会写“名称或密码不正确”。即使我写了正确的细节。
已修复: 我不知道为什么,但如果我填写两个字段,则会写入“成功”。我在这些领域写的并不重要。在用户数据库中,我有id,用户名,名字,姓氏,电子邮件和密码。此登录表单应检测用户输入的内容:电子邮件,名称或用户名。如果有多个用户具有相同的名称(第一个或最后一个),则不允许他使用该名称登录 - 仅使用用户名或密码登录。用户名只能包含英文字母和数字以及_而不能包含空格。名字和姓氏只包含字母而不包含空格。每次更新(更改密码,用户名等...)都会保存在不同行的“用户”表中。当前行(带有最新信息)写在“action”列“current”或“register”中(如果用户尚未更改信息)。
<?php
$name = $_POST["email"];
$password = md5($_POST["password"]);
$right = false;
if(filter_var($name, FILTER_VALIDATE_EMAIL))
{//is email
$query=mysqli_query($mysqli, "SELECT * FROM user WHERE email='".$name."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) != 1)
{
echo "Email OR password are incorrect.";
}else{
$right = true;
$row = mysqli_fetch_array($query);
$userid = $row['id'];
}
}elseif(!empty($name))
{
$array = explode(' ', $name);
//detect if needs username of regular login
if(count($array) == 1) //username
{
$query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 1)
{ //yes
$right = true;
$row = mysqli_fetch_array($query);
$userid = $row['id'];
}
else
{ //no
echo '<b>Username OR password are incorrect.</b> Note that if you tried to log in with your name, you need to enter the first AND last name as you entered them in the registry.';
}
}
elseif(count($array) == 2) //regular
{
$query1=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND (action='current' OR action='register')");
$query2=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND (action='current' OR action='register')");
if (mysqli_num_rows($query1) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
{ //no need for username
$query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 1)
{
$right = true;
$row = mysqli_fetch_array($query);
$userid = $row['id'];
}
}
elseif(mysqli_num_rows($query2) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
{
$query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 1)
{
$right = true;
$row = mysqli_fetch_array($query);
$userid = $row['id'];
}
}
else
{
echo 'Unfortunately you can not log in with your name. Please enter a user name (which you received by email) OR email address in ORDER to connect';
}
}
else //error
{
echo 'Error Input Email';
}
}
else
{
echo 'Please fill all the fields.';
}
if($right){
setcookie("userid", $userid, time() + 60 * 60 * 24 * 30, "/");
setcookie("password", $password, time() + 60 * 60 * 24 * 30, "/");
echo 'Success!';
}
?>
由于
答案 0 :(得分:3)
$query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 0) { //yes
$right = true;
$row = mysqli_fetch_array($query);
$userid = $row['id'];
}
就在这里,您说如果没有与用户名和密码组合匹配的记录,则将$ right设置为true并继续。我很确定你的支票应该是
if (mysqli_num_rows($query) != 0)