我想在注册用户时检查MySQL数据库中的重复项。
如果用户存在显示相应的错误,请注册。
我知道有几个这样的问题,但我发现很难将它们中的任何一个粘贴到我的代码中。
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//two passwords are the same
if($_POST['password'] == $_POST['confirmedpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql = "INSERT INTO members(username, password)"
. "VALUES ('$username','$password')";
//if query is successful redirect to login.php
if ($mysqli->query($sql) === true)
$_SESSION['message'] = 'Success';
header("location: login.php");
} else {
$_SESSION['message'] = "User couldnt be added";
}
} else {
$_SESSION['message'] = "Passwords dont match";
}
}
答案 0 :(得分:3)
我向salt md5添加了一些password以使其看起来更安全,但实际上此解决方案也不安全。要加密PHP中的密码,建议您使用password_hash()函数,如下所示:
$pass = password_hash($password, PASSWORD_BCRYPT);
password_hash()使用强大的单向散列算法创建新的密码哈希。
然后使用password_verify()
password_verify ( $passToTest , $knownPasswordHash );
此处的功能更多:http://php.net/password-hash,http://php.net/password-verify。
此外,由于您使用MySQLi考虑使用预准备语句,或者至少在将输入数据应用于数据库之前正确过滤输入数据。
有关准备好的陈述的更多信息:http://php.net/prepared-statements。
在select statement添加user之前,我添加了table来检查user中是否已存在database。
如果您希望立即退出并且不希望其他代码执行,则使用header()更改页面位置时会将exit()或die()放入下一行代码中。
以下是添加了select语句的代码:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
//two passwords are the same
if($_POST['password'] == $_POST['confirmedpassword'])
{
$username = $mysqli->real_escape_string($_POST['username']);
// You might consider using salt when storing passwords like this
$salt = 'aNiceDay';
$password = md5(md5($_POST['password'].$salt).$salt);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$sql = "SELECT `username` FROM members WHERE `username` = '".$username."'";
$result = $mysqli->query($sql);
if(mysqli_num_rows($result) > 0)
{
echo 'User exists.';
// Do something.
}
else
{
$sql = "INSERT INTO members(username, password) VALUES ('".$username."','".$password."')";
if($mysqli->query($sql) === true)
{
$_SESSION['message'] = 'Success';
header("location: login.php");
// Important to put exit() after header so other code
// doesn't get executed.
exit();
}
else
{
$_SESSION['message'] = "User couldn't be added";
echo "User couldn't be added.";
}
}
}
else
{
$_SESSION['message'] = "Passwords dont match";
}
}
?>
答案 1 :(得分:0)
因此,您可以检查用户是否存在。
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
//two passwords are the same
if($_POST['password'] == $_POST['confirmedpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
//Check user
$CheckUserIsExist = mysqli->query("SELECT uid FROM members WHERE username='$username'");
if(mysqli_num_rows($CheckUserIsExist)==0 ){
$sql = "INSERT INTO members(username, password)"
. "VALUES ('$username','$password')";
//if query is successful redirect to login.php
if($mysqli->query($sql) === true)
$_SESSION['message'] = 'Success';
header("location: login.php");
}
} else{
echo 'This username is already in use. Please use different username';
}
else{
$_SESSION['message'] = "User couldn't be added";
}
}
else{
$_SESSION['message'] = "Passwords don't match";
}