<?php
require_once 'connect.php';
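// Account endpoint: handles the 'login' and 'register' actions posted by the
// front end and answers with a short message via die(); any other request is
// redirected to index.php. $db and the session are expected to come from
// connect.php (not visible here).

// Read the submitted fields defensively: a missing key or a non-string value
// (e.g. user[]=x) is treated as empty instead of raising a notice/TypeError.
$method = $_POST['method'] ?? '';
$user = (isset($_POST['user']) && is_string($_POST['user'])) ? trim($_POST['user']) : '';
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? trim($_POST['pass']) : '';
// The original script wrote the trimmed values back into $_POST; keep doing so.
$_POST['user'] = $user;
$_POST['pass'] = $pass;

$pass_salt = 'just_for_demo';
// One algorithm for both paths. Registration stored ripemd160 while login
// compared against sha256, so a freshly registered account could never log in.
// ripemd160 is kept because it is what the visible INSERT writes.
// NOTE(review): a single fast hash with one site-wide salt is not suitable for
// password storage. Migrating to password_hash()/password_verify() needs a
// schema change (user_pass is written through UNHEX), so it is not done here.
$pass_algo = 'ripemd160';

if ($method === 'login')
{
    if ($user === '' || $pass === '') die('请填写用户名及密码。');

    // Exact match on the name: LIKE would treat % and _ in the submitted value
    // as wildcards, so the lookup would not be tied to a single account.
    $query = $db->prepare("SELECT user_id, user_name FROM users WHERE ((user_name = ?) AND (user_pass = UNHEX(?)))");
    $query->execute(array($user, hash($pass_algo, $pass.$pass_salt)));
    $row = $query->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched; test that before indexing.
    if (!$row || !$row['user_name'])
    {
        die('用户名或密码错误。');
    }

    // Issue a fresh session id on privilege change to prevent session fixation.
    if (session_status() === PHP_SESSION_ACTIVE)
    {
        session_regenerate_id(true);
    }
    $_SESSION['user_name'] = $row['user_name'];
    $_SESSION['user_id'] = $row['user_id'];
    die('登陆成功。');
}
else if ($method === 'register')
{
    if ($user === '' || $pass === '') die('请填写用户名及密码。');

    // Letters and digits only; this also keeps wildcard characters out of names.
    if (!preg_match("/^[a-zA-Z0-9]+$/u", $user))
    {
        die('用户名只能包括英文字母、数字。');
    }
    // NOTE(review): this rejects names of exactly 8 characters although the
    // message says names may not exceed 8. Left as is because the column width
    // is not visible here; confirm against the schema before relaxing it.
    if (strlen($user) >= 8)
    {
        die('用户名长度不能超过8字。');
    }

    $query = $db->prepare("SELECT user_id FROM users WHERE user_name = ?");
    $query->execute(array($user));
    if ($query->rowCount() > 0)
    {
        die('用户名已被使用。');
    }

    $query = $db->prepare("INSERT INTO users(user_name,user_pass) VALUES(?,UNHEX(?))");
    $query->execute(array($user, hash($pass_algo, $pass.$pass_salt)));
    // No row inserted: reported as a duplicate name (e.g. a concurrent signup).
    if ($query->rowCount() < 1)
    {
        die('用户名已被使用。');
    }

    // The new account is logged in immediately, so rotate the session id here too.
    if (session_status() === PHP_SESSION_ACTIVE)
    {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $db->lastInsertId();
    $_SESSION['user_name'] = $user;
    die('注册成功。<a href = "index.php">[点击此处进入首页]</a>');
}
else
{
    // Unknown or missing action: send the browser back to the front page.
    header('location: index.php');
    exit;
}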
?>