我用 HTML、Javascript 和 php 编写了一些注册代码。 注册流程(较高级别)如下:
用户:
1. 在 HTML 表单中输入电子邮件、姓名和密码(两次)。
2. 他们按“创建帐户”
3. 然后在我的用户表中搜索他们的电子邮件,看看是否
存在。
4. 如果存在,则会告知他们已经注册,并提供登录屏幕的链接。
5. 如果电子邮件尚不存在,则将其(与其他用户详细信息一起)插入到我的数据库中的用户表中
我的代码可以很好地实现这一点,但是在测试它时我发现了一个错误。如果用户非常快地多次按下“创建帐户”,则允许同一电子邮件地址注册两次。我能做些什么来阻止这种情况吗?
这是我的代码:
JQuery/Javascript
$("#registration_form").on("submit", function(e){
//this is called when the form is submitted i.e when "create account" is pressed
e.preventDefault();
var registration_email = $('#registration_email').val();
var registration_password = $('#registration_password').val();
var registration_password_confirmation = $('#confirm_registration_password').val();
var registration_display_name = $('#registration_display_name').val();
//validate fields and check if passwords match.
//all values have passed validation testing therefore make ajax request
var params = { 'registration_email' : registration_email, 'registration_password' : registration_password , 'registration_display_name' : registration_display_name, 'app_root_url':app_root_url};
$.ajax({
url: app_root_url + 'login_registration/registration_processing.php',
data: JSON.stringify(params),
type: "POST",
dataType: "json",
contentType: "application/json;charset=utf-8",
success: function(data){
var result = data;
var emailAlreadyExists = result.email_already_exists;
if(emailAlreadyExists){
//email already exists in our database and therefore the user is already registered so should use the login form
displayError('registration_feedback_message', 'This email already exists in the system. If you already have an account please <a href="#page-login">login here!</a>');
}else{
//email does not already exist in our database
}
}//end success
});//end ajax
});
registration_processing.php(该文件的主要部分)
include_once '../includes/app_functions.php';
$app_root_url = filter_var($json->app_root_url, FILTER_SANITIZE_URL);
$email = filter_var($json->registration_email, FILTER_SANITIZE_EMAIL);
$password = filter_var($json->registration_password, FILTER_SANITIZE_STRING);
$display_name = filter_var($json->registration_display_name, FILTER_SANITIZE_STRING);
//more data filtering is performed here
$userPrivilegeID = 1; //basic user privilege
$userHasPassword = 1; //boolean 1 or 0
$profileImage = "images/profile_images/blank-avatar.png";
$results = registerUser($password, $email, $isAvatarImage, $profileImage, $userPrivilegeID, $display_name, $userHasPassword, $pdoConnection);
//create an array to store all values that we want to send back to the client side.
$data = array();
if($results['exception_occurred'] == true){
$data['exception_occurred'] = true;
$data['exception_message'] = $results['exception_message'];
echo json_encode($data);
}else{
$data['exception_occurred'] = false;
if($results['email_already_exists'] == true){
//email already exists. user is already registered and therefore has a password
//need to show error to user to say they are already registered and should use the login form.
$data['email_already_exists'] = true;
echo json_encode($data);
}else{
//email didnt exist so they have been registered
$data['email_already_exists'] = false;
//create an array which we will encrypt as our JWT token
$token = array();
$token['userID'] = $results['user_id'];
$token['email'] = $email;
$data['userID'] = $results['user_id'];
$data['user_is_subscriber'] = true;
$data['valid_user'] = true;
$data['userDetails'] = getProfile($results['user_id'], $pdoConnection);
$data['usertoken'] = JWT::encode($token, 'secret_server_key');
//echo data back to ajax request on client side
echo json_encode($data);
}
}
registerUser 函数(在 app_functions.php 中)
function registerUser($password, $email, $isAvatarImage, $profileImage, $userPrivilegeID, $display_name, $userHasPassword, $pdoConnection){
$data = array();
try{
$data['exception_occurred'] = false;
//first check if that email already exists just in case
$query = "SELECT COUNT(userID) FROM users WHERE emailAddress=:emailAddress";
$statement = $pdoConnection->prepare($query);
$statement->bindValue(':emailAddress', $email, PDO::PARAM_STR);
$statement->execute();
$rowCount = $statement->fetchColumn(0);
if($rowCount > 0){
//email already exists. user is already registered and therefore has a password
//need to show error to user to say they are already registered and should use the login form.
$data['email_already_exists'] = true;
return $data;
}else{
$data['email_already_exists'] = false;
$hashedPassword = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
$query = "INSERT INTO users (emailAddress, password, isAvatarImage, profileImage, userPrivilegeID, displayName, userHasPassword) VALUES (:emailAddress, :password, :isAvatarImage, :profileImage, :userPrivilegeID, :displayName, :userHasPassword)";
$statement = $pdoConnection->prepare($query);
$statement->bindValue(':emailAddress', $email, PDO::PARAM_STR);
$statement->bindValue(':password', $hashedPassword, PDO::PARAM_STR);
$statement->bindValue(':isAvatarImage', $isAvatarImage, PDO::PARAM_INT);
$statement->bindValue(':profileImage', $profileImage, PDO::PARAM_STR);
$statement->bindValue(':userPrivilegeID', $userPrivilegeID, PDO::PARAM_INT);
$statement->bindValue(':displayName', $display_name, PDO::PARAM_STR);
$statement->bindValue(':userHasPassword', $userHasPassword, PDO::PARAM_INT);
$statement->execute();
$data['user_id'] = $pdoConnection->lastInsertId();
return $data;
}
}catch(PDOException $e){
//throw new pdoDbException($e);
$data['exception_occurred'] = true;
$data['exception_message'] = $e->getMessage();
return $data;
}
}
我能想到的一个解决方案是在“创建帐户”按钮上放置一个计时器,以便多个ajax请求不能如此紧密地同时发出?
编辑
在阅读了您的一些解决方案后,我正在考虑使电子邮件字段变得独一无二。谢谢 我在 phpMyAdmin 中工作,那么只需按“unique”(在图像中突出显示)那么简单吗?
编辑2
我尝试将电子邮件创建为唯一 key ,但收到以下错误:
编辑3
为了解决上面的错误(在编辑 2 中),我将电子邮件地址字段的排序规则从 utf8mb4_unicode_ci 更改为 utf8_unicode_ci,然后我尝试再次按“unique”,它成功了。谢谢大家
最佳答案
您可以将 UNIQUE CONSTRAINT 添加到数据库中的电子邮件字段。这样,如果您尝试插入已存在的电子邮件,则会失败。
关于javascript - 我的注册码允许同一电子邮件注册两次(仅当表单快速连续多次提交时),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41827933/