-1
我正在尝试创建一个简单的注册页面,用户可以在其中注册用户名,电子邮件,密码和性别。我以某种方式偶然发现了一些问题,我所做的代码似乎让用户使用已经存在的用户名或电子邮件进行注册。我试图阻止在我的代码中,但它似乎并没有工作。防止用户使用相同的用户名和电子邮件注册
我在做什么错?
这里是整个代码:
<?php
session_start();
if (isset($_SESSION['user'])!="") {
header("Location: index.php");
}
include 'includes/config.php';
if(isset($_POST['btn-signup'])) {
$username = strip_tags($_POST['username']);
$username = strtolower($_POST['username']);
$email = filter_var($_POST['email'],FILTER_SANITIZE_EMAIL);
$email = filter_var($email,FILTER_VALIDATE_EMAIL);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$current_time = strtotime("now");
$username = $con->real_escape_string($username);
$gender = $con->real_escape_string($_POST["gender"]);
$email = $con->real_escape_string($email);
$password = $con->real_escape_string($password);
$hashed_password = password_hash($password, PASSWORD_DEFAULT); // this function works only in PHP 5.5 or latest version
$check_username = $con->query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$check_email = $con->query("SELECT * FROM users WHERE email='$email' LIMIT 1");
if(count($_POST)>0) {
if(!isset($msg)) {
}
if($_POST['username'] === $check_username){
$msg = 'Username already exists<br>';
}
if($_POST['email'] === $check_email){
$msg = 'Email already exists<br>';
}
if($_POST['password'] != $_POST['confirm_password']){
$msg = 'Password doesnt match<br>';
}
if(!isset($msg)) {
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$msg = "Invalid e-mail";
}
}
if(!isset($msg)) {
if(!isset($_POST["gender"])) {
$msg = " Gender field is required";
}
}
}
if(!isset($msg)) {
$query = "INSERT INTO users(username,email,password,gender,joined) VALUES('$username','$email','$hashed_password','$gender','$current_time')";
if(mysqli_query($con, $query)){
$msg = "You have registered successfully!";
} else{
$msg = "Could not register your account. Try Again!";
}
}
}
$con->close();
?>
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Register</title>
</head>
<body>
<div class="signin-form">
<div class="container">
<form class="form-signin" id="register-form" method="post" name="register-form">
<h2 class="form-signin-heading">Sign Up</h2>
<hr>
<?php
if (isset($msg)) {
echo $msg;
}
?>
<div class="form-group">
<input class="form-control" name="username" placeholder="Username" required="" type="text">
</div>
<div class="form-group">
<input class="form-control" name="email" placeholder="Email address" required="" type="email"> <span id="check-e"></span>
</div>
<div class="form-group">
<input class="form-control" name="password" placeholder="Password" required="" type="password">
</div>
<div class="form-group">
<input class="form-control" name="confirm_password" placeholder="Confirm password" required="" type="password">
</div>
<div class="form-group">
<select class="form-control" id="gender" name="gender">
<option disabled hidden="" selected>
Select
</option>
<option>
Male
</option>
<option>
Female
</option>
</select>
</div>
<hr>
<div class="form-group">
<button class="btn btn-default" name="btn-signup" type="submit"><span class="glyphicon glyphicon-log-in"></span> Create Account</button> <a class="btn btn-default" href="index.php" style="float:right;">Log In Here</a>
</div>
</form>
</div>
</div>
</body>
</html>
也许在数据库中将这些字段设置为UNIQUE,并尝试用'INSERT IGNORE'放入它们,然后检查'mysqli_affected_rows($ db)'?如果它是'0',意味着它不是唯一的:-) –
代码似乎是正确的..你有一个测试用例? – scaisEdge