用户身份验证PHP mySQL无法正常工作

时间:2016-02-05 19:10:40

标签: php mysql authentication xampp

所以我目前正在Xampp中使用php和mysql构建用户身份验证系统。

我设法通过他们的电子邮件地址识别用户是否存在,但其他功能似乎无法正常工作。例如,检查用户是否已激活其帐户,即使我在数据库中将其活动状态更改为1,也不会回来。或者使用登录功能,即使电子邮件和密码都正确,也会说它们不正确。

这是我的login.php脚本

    <?php
include 'init.php';


function sanitize($data){
    return mysql_real_escape_string($data);
}

//check if user exists
function user_exists($email){
        $email = sanitize($email);
        //$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
        return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email'"),0) == 1)? true : false;
}

//check if user has activated account
function user_activate($email){
        $email = sanitize($email);
        //$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
        return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email' AND 'active' =1"),0) == 1)? true : false;
}
function user_id_from_email($email){
    $email = sanitize($email);
    return (mysql_result(mysql_query("SELECT id FROM register WHERE email = '$email'"),0,'id'));
}
function login($email,$password){
    $user_id = user_id_from_email($email);
    $email = sanitize($email);
    $password = md5($password);

    return (mysql_result(mysql_query("SELECT COUNT(id) FROM register WHERE email = '$email' AND 'password' ='$password'"),0) == 1)? $user_id : false;
}


if(empty($_POST)=== false){
    $email = $_POST['email'];   
    $password = $_POST['password'];
}

if(empty($email)|| empty($password) === true){
        $errors[] = "You must enter a username and a password"; 
}
else if(user_exists($email) === false){
    $errors[] = "Email address is not registered";  
}
else if(user_activate($email) === false){
    $errors[] = "You haven't activated your account yet";   
}
else{
    $login = login($email, $password);
    if($login === false){
        $errors[] = "email/password are incorrect";
    } else {
        echo "ok";
    }
}

print_r($errors);


/*$email = $_POST['email'];
$password = $_POST['password'];


if($email&&$password){
    $connect = mysql_connect("localhost","root","") or die ("Couldn't Connect");
    mysql_select_db("users") or die("Couldn't find Database");
}
    else 
        die("Please enter a username and a password");

$query = mysql_query("SELECT * FROM register WHERE email = '$email'");
$numrows = mysql_num_rows($query);

echo $numrows;*/


?>

我的数据库名为'users',目前只有一个名为'register'的表。使用行:id, firstname, lastname, email, password, and active

2 个答案:

答案 0 :(得分:0)

在您的函数登录中,尝试删除引号'arround字段名称密码。或者更喜欢使用这个`。

请注意,您正在使用PHP 7.0中不再支持的函数mysql_result和mysql_query

正如你在这里看到的: http://php.net/manual/en/function.mysql-query.php http://php.net/manual/en/function.mysql-result.php

答案 1 :(得分:-1)

也许你也应该看一下PDO(http://php.net/manual/de/book.pdo.php),因为Johann de Rus说在PHP7中不推荐使用mysql

相关问题
最新问题