用户身份验证 PHP mySQL 无效
User authentication PHP mySQL not working
所以我目前正在 Xampp 中使用 php 和 mysql 构建用户身份验证系统。
我已经设法让它通过电子邮件地址识别用户是否存在,但其他功能似乎不起作用。例如,检查用户是否激活了他们的帐户,因为即使我在数据库中将他们的活动状态更改为 1,他们也没有。或者用登录功能即使邮箱和密码都正确它也会说不正确。
这是我的 login.php 脚本
<?php
include 'init.php';
function sanitize($data){
return mysql_real_escape_string($data);
}
//check if user exists
function user_exists($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email'"),0) == 1)? true : false;
}
//check if user has activated account
function user_activate($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email' AND 'active' =1"),0) == 1)? true : false;
}
function user_id_from_email($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT id FROM register WHERE email = '$email'"),0,'id'));
}
function login($email,$password){
$user_id = user_id_from_email($email);
$email = sanitize($email);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(id) FROM register WHERE email = '$email' AND 'password' ='$password'"),0) == 1)? $user_id : false;
}
if(empty($_POST)=== false){
$email = $_POST['email'];
$password = $_POST['password'];
}
if(empty($email)|| empty($password) === true){
$errors[] = "You must enter a username and a password";
}
else if(user_exists($email) === false){
$errors[] = "Email address is not registered";
}
else if(user_activate($email) === false){
$errors[] = "You haven't activated your account yet";
}
else{
$login = login($email, $password);
if($login === false){
$errors[] = "email/password are incorrect";
} else {
echo "ok";
}
}
print_r($errors);
/*$email = $_POST['email'];
$password = $_POST['password'];
if($email&&$password){
$connect = mysql_connect("localhost","root","") or die ("Couldn't Connect");
mysql_select_db("users") or die("Couldn't find Database");
}
else
die("Please enter a username and a password");
$query = mysql_query("SELECT * FROM register WHERE email = '$email'");
$numrows = mysql_num_rows($query);
echo $numrows;*/
?>
我的数据库名为 'users',目前只有 1 个 table 名为 'register'。随着行:id, firstname, lastname, email, password, and active.
在您的函数登录中,尝试删除字段名称密码两边的引号。或者更喜欢使用这个 ` .
请注意,您使用的函数 mysql_result 和 mysql_query 在 PHP 7.0
中不再受支持
如您所见:
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-result.php
所以我目前正在 Xampp 中使用 php 和 mysql 构建用户身份验证系统。
我已经设法让它通过电子邮件地址识别用户是否存在,但其他功能似乎不起作用。例如,检查用户是否激活了他们的帐户,因为即使我在数据库中将他们的活动状态更改为 1,他们也没有。或者用登录功能即使邮箱和密码都正确它也会说不正确。
这是我的 login.php 脚本
<?php
include 'init.php';
function sanitize($data){
return mysql_real_escape_string($data);
}
//check if user exists
function user_exists($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email'"),0) == 1)? true : false;
}
//check if user has activated account
function user_activate($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email' AND 'active' =1"),0) == 1)? true : false;
}
function user_id_from_email($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT id FROM register WHERE email = '$email'"),0,'id'));
}
function login($email,$password){
$user_id = user_id_from_email($email);
$email = sanitize($email);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(id) FROM register WHERE email = '$email' AND 'password' ='$password'"),0) == 1)? $user_id : false;
}
if(empty($_POST)=== false){
$email = $_POST['email'];
$password = $_POST['password'];
}
if(empty($email)|| empty($password) === true){
$errors[] = "You must enter a username and a password";
}
else if(user_exists($email) === false){
$errors[] = "Email address is not registered";
}
else if(user_activate($email) === false){
$errors[] = "You haven't activated your account yet";
}
else{
$login = login($email, $password);
if($login === false){
$errors[] = "email/password are incorrect";
} else {
echo "ok";
}
}
print_r($errors);
/*$email = $_POST['email'];
$password = $_POST['password'];
if($email&&$password){
$connect = mysql_connect("localhost","root","") or die ("Couldn't Connect");
mysql_select_db("users") or die("Couldn't find Database");
}
else
die("Please enter a username and a password");
$query = mysql_query("SELECT * FROM register WHERE email = '$email'");
$numrows = mysql_num_rows($query);
echo $numrows;*/
?>
我的数据库名为 'users',目前只有 1 个 table 名为 'register'。随着行:id, firstname, lastname, email, password, and active.
在您的函数登录中,尝试删除字段名称密码两边的引号。或者更喜欢使用这个 ` .
请注意,您使用的函数 mysql_result 和 mysql_query 在 PHP 7.0
中不再受支持如您所见: http://php.net/manual/en/function.mysql-query.php http://php.net/manual/en/function.mysql-result.php