我正在嘗試創建一個簡單的註冊頁面,用戶可以在其中註冊用戶名,電子郵件,密碼和性別。我以某種方式偶然發現了一些問題,我所做的代碼似乎讓用戶使用已經存在的用戶名或電子郵件進行註冊。我試圖阻止在我的代碼中,但它似乎並沒有工作。防止用戶使用相同的用戶名和電子郵件註冊
我在做什麼錯?
這裏是整個代碼:
<?php
session_start();
if (isset($_SESSION['user'])!="") {
header("Location: index.php");
}
include 'includes/config.php';
if(isset($_POST['btn-signup'])) {
$username = strip_tags($_POST['username']);
$username = strtolower($_POST['username']);
$email = filter_var($_POST['email'],FILTER_SANITIZE_EMAIL);
$email = filter_var($email,FILTER_VALIDATE_EMAIL);
$email = strip_tags($_POST['email']);
$password = strip_tags($_POST['password']);
$current_time = strtotime("now");
$username = $con->real_escape_string($username);
$gender = $con->real_escape_string($_POST["gender"]);
$email = $con->real_escape_string($email);
$password = $con->real_escape_string($password);
$hashed_password = password_hash($password, PASSWORD_DEFAULT); // this function works only in PHP 5.5 or latest version
$check_username = $con->query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$check_email = $con->query("SELECT * FROM users WHERE email='$email' LIMIT 1");
if(count($_POST)>0) {
if(!isset($msg)) {
}
if($_POST['username'] === $check_username){
$msg = 'Username already exists<br>';
}
if($_POST['email'] === $check_email){
$msg = 'Email already exists<br>';
}
if($_POST['password'] != $_POST['confirm_password']){
$msg = 'Password doesnt match<br>';
}
if(!isset($msg)) {
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$msg = "Invalid e-mail";
}
}
if(!isset($msg)) {
if(!isset($_POST["gender"])) {
$msg = " Gender field is required";
}
}
}
if(!isset($msg)) {
$query = "INSERT INTO users(username,email,password,gender,joined) VALUES('$username','$email','$hashed_password','$gender','$current_time')";
if(mysqli_query($con, $query)){
$msg = "You have registered successfully!";
} else{
$msg = "Could not register your account. Try Again!";
}
}
}
$con->close();
?>
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>Register</title>
</head>
<body>
<div class="signin-form">
<div class="container">
<form class="form-signin" id="register-form" method="post" name="register-form">
<h2 class="form-signin-heading">Sign Up</h2>
<hr>
<?php
if (isset($msg)) {
echo $msg;
}
?>
<div class="form-group">
<input class="form-control" name="username" placeholder="Username" required="" type="text">
</div>
<div class="form-group">
<input class="form-control" name="email" placeholder="Email address" required="" type="email"> <span id="check-e"></span>
</div>
<div class="form-group">
<input class="form-control" name="password" placeholder="Password" required="" type="password">
</div>
<div class="form-group">
<input class="form-control" name="confirm_password" placeholder="Confirm password" required="" type="password">
</div>
<div class="form-group">
<select class="form-control" id="gender" name="gender">
<option disabled hidden="" selected>
Select
</option>
<option>
Male
</option>
<option>
Female
</option>
</select>
</div>
<hr>
<div class="form-group">
<button class="btn btn-default" name="btn-signup" type="submit"><span class="glyphicon glyphicon-log-in"></span> Create Account</button> <a class="btn btn-default" href="index.php" style="float:right;">Log In Here</a>
</div>
</form>
</div>
</div>
</body>
</html>
也許在數據庫中將這些字段設置爲UNIQUE,並嘗試用'INSERT IGNORE'放入它們,然後檢查'mysqli_affected_rows($ db)'?如果它是'0',意味着它不是唯一的:-) –
代碼似乎是正確的..你有一個測試用例? – scaisEdge