PHP登录系统代码编辑
我已在我的网站上实施了此登录系统: 我不熟悉PHP登录系统代码编辑,php,html,login,web,Php,Html,Login,Web,我已在我的网站上实施了此登录系统: 我不熟悉php,所以我的问题是,当用户使用用户名和电子邮件地址注册时,如何显示在电子邮件中选择的用户名。现在im只向他们发送密码 此外,我如何检查当用户尝试注册帐户时,他们输入的电子邮件地址是否尚未用于帐户?现在,当你注册一个以前已经有帐户的帐户时,系统只会给这个电子邮件地址分配一个新密码,而旧密码不起作用 <?php define('INCLUDE_CHECK',true); require 'connect.php'; require 'func
phpim<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: DownloadLinks.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: DownloadLinks.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
// Escape the input data
mysql_query(" INSERT INTO tz_members(usr,pass,email,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
require_once "Mail.php";
$from = "Mail <mail@mail.com>";
$to = $_POST['email'];
$subject = "Registration System- Your New Password";
$body = "Thank you for registering \n You username is: $usr $_SESSION[usr]
Your password is: $pass \n Please login with your registered email and password";
$host = "mail.host.com";
$username = "username";
$password = "password";
$headers = array ('From' => $from,
'To' => $to,
'Subject' => $subject);
$smtp = Mail::factory('smtp',
array ('host' => $host,
'auth' => true,
'username' => $username,
'password' => $password));
$mail = $smtp->send($to, $headers, $body);
if (PEAR::isError($mail)) {
echo("<p>" . $mail->getMessage() . "</p>");
} else {
$_SESSION['msg']['reg-success']='We sent you an email with your new password! Check your junk/spam too!';}
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: DownloadLinks.php");
exit;
}
$script = '';
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
在注册时,您没有设置$\u会话['usr]
。而是使用$\u POST['username']
$body = "Thank you for registering at The Quran Reciters Members Page \n You username is: " . $_POST['username'] . "
Your password is: $pass \n Please login with your registered email and password";
为了确保该用户不是注册用户,您应该首先查询数据库中的用户名和电子邮件地址。与登录方式相同:
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='" . $_POST['username'] . "' AND email = '" . $_POST['email'] ."'"));
if($row['usr'])
{
// return an error message and display the registration form again
}
但正如Dagon提到的,这不是一个很好的教程。我希望这只是用于学习,而不是用于生产的系统。只需查询数据库中的电子邮件地址即可。如果它已经在那里,他们已经有一个帐户。糟糕的教程,不要使用抱歉我只是一个初学者,为什么这个代码不好?我只是在一个网站上使用它来限制访问一个页面,所以人们必须注册。通常没有人应该给你答案,因为你不接受正确的答案。这个社区基于“给予与索取”的原则。你只是索取,什么都不给。如果你在现实生活中这样做,你很可能很长时间没有朋友了。想想看,非常感谢,第一部分成功了。如果我刚这么做,你的用户名是:$\u POST['username'],这会导致语法错误,但当我这么做时,$username=$\u POST['username'];然后你的用户名是:$username,它起作用了。我没有得到第二部分,你能告诉我把代码放在哪里吗?在这里:$row=mysql\u fetch\u assoc(mysql\u查询(“从tz\u成员中选择id、usr,其中usr='{$\u POST['username']}'和pass='”).md5($\u POST['password'])。“”);如果($row['usr']){在将新注册插入数据库之前,请检查用户名是否可用以及电子邮件地址是否不在数据库中。或者设置数据库,使用户名和电子邮件地址唯一。