我有错误,我不知道为什么

时间:2013-12-27 13:21:41

标签: php sql login mysqli login-script

编辑:现在我还有其他问题。它总是给我一个错误。正确的错误但仍然不应该。我的意思是,如果我输入电子邮件,它会写我“电子邮件或密码不正确”。如果我写名字,它会写“名称或密码不正确”。即使我写了正确的细节。

已修复: 我不知道为什么,但如果我填写两个字段,则会写入“成功”。我在这些领域写的并不重要。在用户数据库中,我有id,用户名,名字,姓氏,电子邮件和密码。此登录表单应检测用户输入的内容:电子邮件,名称或用户名。如果有多个用户具有相同的名称(第一个或最后一个),则不允许他使用该名称登录 - 仅使用用户名或密码登录。用户名只能包含英文字母和数字以及_而不能包含空格。名字和姓氏只包含字母而不包含空格。每次更新(更改密码,用户名等...)都会保存在不同行的“用户”表中。当前行(带有最新信息)写在“action”列“current”或“register”中(如果用户尚未更改信息)。

<?php
$name = $_POST["email"];
$password = md5($_POST["password"]);
$right = false;

if(filter_var($name, FILTER_VALIDATE_EMAIL))
{//is email
    $query=mysqli_query($mysqli, "SELECT * FROM user WHERE email='".$name."' AND password='".$password."' AND (action='current' OR action='register')");
    if(mysqli_num_rows($query) != 1)
    {
        echo "Email OR password are incorrect.";
    }else{
        $right = true;
        $row = mysqli_fetch_array($query);
        $userid = $row['id'];
    }
}elseif(!empty($name))
{
    $array = explode(' ', $name);
    //detect if needs username of regular login
    if(count($array) == 1) //username
    {
        $query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
        if(mysqli_num_rows($query) == 1)
        { //yes
            $right = true;
            $row = mysqli_fetch_array($query);
            $userid = $row['id'];
        }
        else
        { //no
            echo '<b>Username OR password are incorrect.</b> Note that if you tried to log in with your name, you need to enter the first AND last name as you entered them in the registry.';
        }
    }
    elseif(count($array) == 2) //regular
    {
        $query1=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND (action='current' OR action='register')"); 
        $query2=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND (action='current' OR action='register')"); 

        if (mysqli_num_rows($query1) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
        { //no need for username
            $query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[0]."' AND lastname='".$array[1]."' AND password='".$password."' AND (action='current' OR action='register')");
            if(mysqli_num_rows($query) == 1)
            {
                $right = true;
                $row = mysqli_fetch_array($query);
                $userid = $row['id'];
            }
        }
        elseif(mysqli_num_rows($query2) == 1 && (mysqli_num_rows($query1) != mysqli_num_rows($query2)))
        {
            $query=mysqli_query($mysqli, "SELECT * FROM user WHERE firstname='".$array[1]."' AND lastname='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
            if(mysqli_num_rows($query) == 1)
            {
                $right = true;
                $row = mysqli_fetch_array($query);
                $userid = $row['id'];
            }
        }
        else
        {
            echo 'Unfortunately you can not log in with your name. Please enter a user name (which you received by email) OR email address in ORDER to connect';
        }
    }
    else //error
    {
        echo 'Error Input Email';
    }
}
else
{
    echo 'Please fill all the fields.';
}

if($right){
    setcookie("userid", $userid, time() + 60 * 60 * 24 * 30, "/");
    setcookie("password", $password, time() + 60 * 60 * 24 * 30, "/");
    echo 'Success!';
}
?>

由于

1 个答案:

答案 0 :(得分:3)

$query=mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$array[0]."' AND password='".$password."' AND (action='current' OR action='register')");
if(mysqli_num_rows($query) == 0) { //yes
    $right = true;
    $row = mysqli_fetch_array($query);
    $userid = $row['id'];
}

就在这里,您说如果没有与用户名和密码组合匹配的记录,则将$ right设置为true并继续。我很确定你的支票应该是

if (mysqli_num_rows($query) != 0)