php - 在php中使用用户名或电子邮件地址登录

Question

我正在尝试使用用户名或电子邮件创建登录

我的代码是：

$username=$_REQUEST['login'];
$email=$_REQUEST['login'];
$password=$_REQUEST['password'];

if($username && $password) {
  $query="select * from  user_db where username='$username'  and password='$password'";
} else if ($email && $password) {
  $query="select * from  user_db where email='$email' and password='$password'";
}

使用用户名登录成功，但使用电子邮件登录无效。请帮我！

Answer 1

电子邮件和用户名的登录参数相同。如果您有一个接受任一登录框的登录框，则并非完全不正确。

如果您不确定它是电子邮件还是用户名，您可以将条件放在查询本身中。

$login=$_REQUEST['login'];
$query = "select * from  user_db where ( username='$login' OR email = '$login') and password='$password'"

编辑： 如今，类似 PDO 的解决方案更受青睐，因为上述解决方案受到 SQL 注入的影响。逻辑保持不变，但你会让它看起来像这样：

$query = "
    SET @username = :username
    SELECT * FROM user_db
       WHERE ( username = @username OR email = @username) 
       AND password = :password
";

$statement = $pdoObject->prepare($query);
$statement->bindValue(":username", $login, PDO::PARAM_STR);
$statement->bindValue(":password", $password, PDO::PARAM_STR);
$statement->execute();

Answer 2

您正在为两个变量设置相同的值，然后使用 if/else。两个 if 语句是等价的。

您需要确定是否$_REQUEST[login]包含有效的电子邮件地址，如果是，请使用数据库的电子邮件字段。否则，使用用户名字段。

此外，您不应该将变量直接放入查询中。使用准备好的语句。

Answer 3

<?php
 require "connectdb.php";

$email =$_POST["email"];
$mobile =  $_POST["mobile"];
$password =$_POST["password"];

//Test variables
//$email = "admin@xyz.com";
//$mobile = "9876543210";
//$password ="@!b7885a$";

 $sql_query = "SELECT email FROM RegisterUser WHERE `email` LIKE '$email' OR `mobile` LIKE '$mobile' AND `password` LIKE '$password';";

 $result = mysqli_query($con,$sql_query);
 if(mysqli_num_rows($result) > 0 )
 {
 $row = mysqli_fetch_assoc($result);
 $email = $row["email"];
 echo "Login Successful...Welcome ".$email;
 }
 else
 {
 echo "Login Failed...Incorrect Email or Password...!";
 }
 ?>

Answer 4

嗨，对我来说是这样的：

if ( !isset($_POST['emailuser'], $_POST['userPass']) ) {
    // Could not get the data that should have been sent.
    die ('Please fill both the username and password field!');
}
$emailuser = ($_POST['emailuser']);
$emailuser = trim($emailuser);

    if ($stmt = $con->prepare('SELECT userEmail or userName, userPass FROM users WHERE userEmail = ? or userName = ?')) {
   // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
   $stmt->bind_param('ss', $emailuser, $emailuser);
   $stmt->execute();
   // Store the result so we can check if the account exists in the database.
   $stmt->store_result();

   if ($stmt->num_rows > 0) {
       $stmt->bind_result($userName, $userPass);
       $stmt->fetch();
       // Account exists, now we verify the password.
       // Note: remember to use password_hash in your registration file to store the hashed passwords.
       if (password_verify($_POST['userPass'], $userPass)) {
           // Verification success! User has loggedin!
           // Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
           session_regenerate_id();
           $_SESSION['loggedin'] = true;
           $_SESSION['name'] = $emailuser;
           $_SESSION['emailuser'] = $userName;
           header('location: /menu.php');
       } else {
           echo 'Incorrect password!';
       }
   } else {
       echo 'Incorrect username!';
   }
   $stmt->close();    } ?>

Answer 5

$username=$_REQUEST['login'];
$email=$_REQUEST['login'];

这是错误的，您同时使用$_REQUEST['login']电子邮件和用户名。为什么不直接使用电子邮件？

如果$_REQUEST['login']没有电子邮件地址，当然这不会返回任何东西。

此外，除非字段为空，否则您的两个 if 语句都将始终执行。对？

退出登录，强制用户使用电子邮件地址登录。另外，取密码的md5。这些天谁存储原始密码？

Answer 6

if (validate_username($username)) {
  $query="select * from  user_db where username='".$username".' and password='".validate_password($password)."'";
} else if (validate_email($email)) {
  $query="select * from  user_db where email='".$email."' and password='".validate_password($password)."'";
}

Answer 7

好吧，我知道这是一篇旧帖子，但我发现有些人仍然会查看它，所以我想提供一种简单的方法来允许电子邮件和用户名在同一个输入中

我的代码如下

  if
   (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) )
  {
     $un_check = mysql_query("SELECT uname FROM eusers WHERE uname = '' ") or die(mysql_error());

     echo "loging in with username"; //code
  }
  elseif
   (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) )
  {
     $un_check = mysql_query("SELECT umail FROM eusers WHERE umail = '' ") or die(mysql_error());

     echo "loging in with email"; //code

  }

Answer 8

$username=$_REQUEST['username'];//I'm assuming your code here was wrong
$email=$_REQUEST['email'];//and that you have three different fields in your form 
$password=$_REQUEST['password'];

if (validate_username($username)) {
  $query="select * from  user_db where username='".$username".' and password='".validate_password($password)."'";
} else if (validate_email($email)) {
  $query="select * from  user_db where email='".$email."' and password='".validate_password($password)."'";
}

//... elsewhere...

function validate_username(&$username) {
  if (strlen($username) <= 1) { return false; }
  //return false for other situations
    //Does the username have invalid characters?
    //Is the username a sql injection attack?
  //otherwise...
  return true;
}

function validate_email(&$email) {
  //same deal as with username
}

function validate_password(&$password) {
  //same deal as with username
}

请注意，如果您只有两个字段（登录名和密码），那么电子邮件和用户名之间的区别是没有意义的。进一步注意，您确实应该使用PHP PDO来构建和执行查询，以防止安全漏洞并使您的生活更轻松。