1

我对以下代码有疑问。我希望用户使用他们的用户名或电子邮件登录。当我使用用户名时,它工作得很好,但是当我使用电子邮件时,即使密码错误,我也可以登录。

public function can_login(){

    $user_mail = $this->input->post('user_mail');

    $this->db->where('email =', $user_mail);
    $this->db->or_where('username =', $user_mail); 

    $this->db->where('password',md5($this->input->post('password')));
    $this->db->where('status =', 'registered');
    $query=$this->db->get('user');

    if($query->num_rows()== 1) {
        return true; 
    } else {
        return false;
    }
}
4

3 回答 3

3

尝试这个

$this->db->where("email = '$user_mail' or username = '$user_mail'"); 
$this->db->where('password', md5($this->input->post('password')));
$this->db->where('status', 'registered');
$query=$this->db->get('user');
于 2013-01-04T11:15:15.753 回答
0

谢谢你们,这是我的解决方案,效果很好。

public function can_login(){
$user_mail = $this->input->post('user_mail');
$password= MD5($this->input->post('password'));
$this->db->select('username,email,password');
$this->db->where("(email = '$user_mail' OR username = '$user_mail') AND password = '$password' AND status = 'registered'");

  $query=$this->db->get('user');`

     if($query->num_rows()== 1)
     {
        return true; 
     }else 
     {
      return false;
     }

    }
于 2013-01-05T02:55:25.000 回答
0

您可以像这样使用CodeIgniter 查询绑定

改变:

 $this->db->where('email =', $user_mail);
         $this->db->or_where('username =', $user_mail); 

 $this->db->where('password',md5($this->input->post('password')));
 $this->db->where('status =', 'registered');
 $query=$this->db->get('user');

至:

$sql = "SELECT * FROM user WHERE (email = ? OR username = ?) AND password = ? AND status = 'registered' LIMIT 1";
$query = $this->db->query($sql, array($user_mail, $user_mail, md5($this->input->post('password')));
于 2013-01-04T06:30:00.707 回答