login with username or email address in php
I am trying to create a login with username or email
My code is:
$username=$_REQUEST[\'login\'];
$email=$_REQUEST[\'login\'];
$password=$_REQUEST[\'passw
-
if (validate_username($username)) { $query="select * from user_db where username='".$username".' and password='".validate_password($password)."'"; } else if (validate_email($email)) { $query="select * from user_db where email='".$email."' and password='".validate_password($password)."'"; }讨论(0) -
<?php require "connectdb.php"; $email =$_POST["email"]; $mobile = $_POST["mobile"]; $password =$_POST["password"]; //Test variables //$email = "admin@xyz.com"; //$mobile = "9876543210"; //$password ="@!b7885a$"; $sql_query = "SELECT email FROM RegisterUser WHERE `email` LIKE '$email' OR `mobile` LIKE '$mobile' AND `password` LIKE '$password';"; $result = mysqli_query($con,$sql_query); if(mysqli_num_rows($result) > 0 ) { $row = mysqli_fetch_assoc($result); $email = $row["email"]; echo "Login Successful...Welcome ".$email; } else { echo "Login Failed...Incorrect Email or Password...!"; } ?>讨论(0) -
Well i know this is an old post but i've found that some people are still going to view it so i wanted to put a easy way to allow both email and username on the same input
my code is as follows
if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) ) { $un_check = mysql_query("SELECT uname FROM eusers WHERE uname = '' ") or die(mysql_error()); echo "loging in with username"; //code } elseif (preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/", $name_of_same_input) ) { $un_check = mysql_query("SELECT umail FROM eusers WHERE umail = '' ") or die(mysql_error()); echo "loging in with email"; //code }讨论(0) -
$username=$_REQUEST['login']; $email=$_REQUEST['login'];This is wrong, you are using
$_REQUEST['login']for both email and username. Why don't you just use email?If
$_REQUEST['login']doesn't have email address, of course this wont return you anything.Also, both of your if statements will always execute, unless the fields are empty. right?
Take the login out, enforce the users to login with email addresses. also, take md5 of the password. who stores raw passwords these days?
讨论(0) -
You are setting the same value to two variables, and then using an if/else. Both if statements are equivalent.
You need to figure out if
$_REQUEST[login]contains a valid email address, and if so use the email field of the database. Otherwise, use the username field.Also, you should not be putting variables directly into the query. Use prepared statements.
讨论(0) -
Hi, for me works something like this:
if ( !isset($_POST['emailuser'], $_POST['userPass']) ) { // Could not get the data that should have been sent. die ('Please fill both the username and password field!'); } $emailuser = ($_POST['emailuser']); $emailuser = trim($emailuser); if ($stmt = $con->prepare('SELECT userEmail or userName, userPass FROM users WHERE userEmail = ? or userName = ?')) { // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s" $stmt->bind_param('ss', $emailuser, $emailuser); $stmt->execute(); // Store the result so we can check if the account exists in the database. $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($userName, $userPass); $stmt->fetch(); // Account exists, now we verify the password. // Note: remember to use password_hash in your registration file to store the hashed passwords. if (password_verify($_POST['userPass'], $userPass)) { // Verification success! User has loggedin! // Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server. session_regenerate_id(); $_SESSION['loggedin'] = true; $_SESSION['name'] = $emailuser; $_SESSION['emailuser'] = $userName; header('location: /menu.php'); } else { echo 'Incorrect password!'; } } else { echo 'Incorrect username!'; } $stmt->close(); } ?>讨论(0)
加载中...
- 热议问题