javascript - 我的注册码允许同一电子邮件注册两次(仅当表单快速连续多次提交时)

Question

我用 HTML、Javascript 和 php 编写了一些注册代码。 注册流程(较高级别)如下:

用户:
1. 在 HTML 表单中输入电子邮件、姓名和密码(两次)。
2. 他们按“创建帐户”
3. 然后在我的用户表中搜索他们的电子邮件，看看是否 存在。
4. 如果存在，则会告知他们已经注册，并提供登录屏幕的链接。 5. 如果电子邮件尚不存在，则将其(与其他用户详细信息一起)插入到我的数据库中的用户表中

我的代码可以很好地实现这一点，但是在测试它时我发现了一个错误。如果用户非常快地多次按下“创建帐户”，则允许同一电子邮件地址注册两次。我能做些什么来阻止这种情况吗？

这是我的代码:
JQuery/Javascript

$("#registration_form").on("submit", function(e){
    //this is called when the form is submitted i.e when "create account" is pressed
    e.preventDefault();

    var registration_email = $('#registration_email').val();  
    var registration_password = $('#registration_password').val(); 
    var registration_password_confirmation = $('#confirm_registration_password').val(); 
    var registration_display_name = $('#registration_display_name').val(); 

    //validate fields and check if passwords match.
    //all values have passed validation testing therefore make ajax request

    var params = { 'registration_email' : registration_email, 'registration_password' : registration_password , 'registration_display_name' :  registration_display_name, 'app_root_url':app_root_url}; 

        $.ajax({
        url: app_root_url + 'login_registration/registration_processing.php',
        data: JSON.stringify(params), 
        type: "POST",
        dataType: "json",
        contentType: "application/json;charset=utf-8",

            success: function(data){
            var result = data;

            var emailAlreadyExists = result.email_already_exists; 
            if(emailAlreadyExists){
                //email already exists in our database and therefore the user is already registered so should use the login form

                displayError('registration_feedback_message', 'This email already exists in the system. If you already have an account please <a href="#page-login">login here!</a>');

            }else{
                //email does not already exist in our database

            }               

        }//end success
    });//end ajax


});

registration_processing.php(该文件的主要部分)

include_once '../includes/app_functions.php';
$app_root_url = filter_var($json->app_root_url, FILTER_SANITIZE_URL);
$email = filter_var($json->registration_email, FILTER_SANITIZE_EMAIL); 
$password = filter_var($json->registration_password, FILTER_SANITIZE_STRING);
$display_name = filter_var($json->registration_display_name, FILTER_SANITIZE_STRING);
//more data filtering is performed here

$userPrivilegeID = 1; //basic user privilege
$userHasPassword = 1; //boolean 1 or 0

$profileImage = "images/profile_images/blank-avatar.png"; 

$results = registerUser($password, $email, $isAvatarImage, $profileImage, $userPrivilegeID, $display_name, $userHasPassword, $pdoConnection);

//create an array to store all values that we want to send back to the client side.
$data = array();
if($results['exception_occurred'] == true){
        $data['exception_occurred'] = true;
        $data['exception_message'] = $results['exception_message']; 
        echo json_encode($data);

}else{
        $data['exception_occurred'] = false;
        if($results['email_already_exists'] == true){
            //email already exists. user is already registered and therefore has a password
            //need to show error to user to say they are already registered and should use the login form.

            $data['email_already_exists'] = true;
            echo json_encode($data);

        }else{
            //email didnt exist so they have been registered
            $data['email_already_exists'] = false;
            //create an array which we will encrypt as our JWT token
            $token = array();
            $token['userID'] = $results['user_id'];
            $token['email'] = $email;

            $data['userID'] = $results['user_id'];
            $data['user_is_subscriber'] = true;
            $data['valid_user'] = true;
            $data['userDetails'] = getProfile($results['user_id'], $pdoConnection);

            $data['usertoken'] = JWT::encode($token, 'secret_server_key');
            //echo data back to ajax request on client side
            echo json_encode($data);
        }
}

registerUser 函数(在 app_functions.php 中)

function registerUser($password, $email, $isAvatarImage, $profileImage, $userPrivilegeID, $display_name, $userHasPassword, $pdoConnection){
    $data = array();
    try{
        $data['exception_occurred'] = false;
        //first check if that email already exists just in case
        $query = "SELECT COUNT(userID) FROM users WHERE emailAddress=:emailAddress";
        $statement = $pdoConnection->prepare($query);
        $statement->bindValue(':emailAddress', $email, PDO::PARAM_STR);
        $statement->execute();  
        $rowCount = $statement->fetchColumn(0);
        if($rowCount > 0){
            //email already exists. user is already registered and therefore has a password
            //need to show error to user to say they are already registered and should use the login form.
            $data['email_already_exists'] = true; 
            return $data;
        }else{
            $data['email_already_exists'] = false;

            $hashedPassword = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
            $query = "INSERT INTO users (emailAddress, password, isAvatarImage, profileImage, userPrivilegeID, displayName, userHasPassword) VALUES (:emailAddress, :password, :isAvatarImage, :profileImage, :userPrivilegeID, :displayName, :userHasPassword)";
            $statement = $pdoConnection->prepare($query);
            $statement->bindValue(':emailAddress', $email, PDO::PARAM_STR);
            $statement->bindValue(':password', $hashedPassword, PDO::PARAM_STR);
            $statement->bindValue(':isAvatarImage', $isAvatarImage, PDO::PARAM_INT);
            $statement->bindValue(':profileImage', $profileImage, PDO::PARAM_STR);
            $statement->bindValue(':userPrivilegeID', $userPrivilegeID, PDO::PARAM_INT);
            $statement->bindValue(':displayName', $display_name, PDO::PARAM_STR);
            $statement->bindValue(':userHasPassword', $userHasPassword, PDO::PARAM_INT);
            $statement->execute();
            $data['user_id'] = $pdoConnection->lastInsertId();
            return $data;
        }
    }catch(PDOException $e){
        //throw new pdoDbException($e); 
        $data['exception_occurred'] = true;
        $data['exception_message'] =  $e->getMessage();
        return $data;
    }
}

我能想到的一个解决方案是在“创建帐户”按钮上放置一个计时器，以便多个ajax请求不能如此紧密地同时发出？

编辑

在阅读了您的一些解决方案后，我正在考虑使电子邮件字段变得独一无二。谢谢 我在 phpMyAdmin 中工作，那么只需按“unique”(在图像中突出显示)那么简单吗？

编辑2

我尝试将电子邮件创建为唯一 key ，但收到以下错误:

编辑3

为了解决上面的错误(在编辑 2 中)，我将电子邮件地址字段的排序规则从 utf8mb4_unicode_ci 更改为 utf8_unicode_ci，然后我尝试再次按“unique”，它成功了。谢谢大家

Answer 1

您可以将 UNIQUE CONSTRAINT 添加到数据库中的电子邮件字段。这样，如果您尝试插入已存在的电子邮件，则会失败。