0) {
$_SESSION["username"] = $username;
echo "";
} else {
echo "";
}
} else if (isset($_REQUEST["register"]) or isset( $_REQUEST["add"])) {
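// Registration (or "add"): read the username, both password entries and the
// e-mail address from the request.
// NOTE(review): $_REQUEST also accepts GET parameters, so submitted credentials can
// end up in URLs and access logs. Prefer $_POST if the form allows it (confirm
// against the front end).
$username = $_REQUEST["username"];
$password = $_REQUEST["password"];
$password2 = $_REQUEST["password2"];
$email = $_REQUEST["email"];
// The two password entries must be identical. Strict comparison is required:
// loose != compares numeric-looking strings as numbers, so "1e3" and "1000"
// would count as the same password.
if ($password !== $password2) {
    echo "两次密码不一致";
    exit;
}
// Refuse the request when the username or e-mail is already registered.
// Request values are bound as parameters so they never become part of the SQL text.
$checked = false;
$check = mysqli_prepare($conn, "select * from users where username=? or email=?");
if ($check !== false) {
    mysqli_stmt_bind_param($check, "ss", $username, $email);
    if (mysqli_stmt_execute($check)) {
        mysqli_stmt_store_result($check);
        if (mysqli_stmt_num_rows($check) > 0) {
            echo "用户名或邮箱已存在";
            exit;
        }
        $checked = true;
    }
    mysqli_stmt_close($check);
}
// Insert the new user record, but only when the uniqueness check actually ran;
// a failed check is reported through the failure output below.
// NOTE(review): the password is stored exactly as submitted (plaintext). Moving to
// password_hash() also requires the login branch to verify with password_verify();
// that branch is not fully visible here, so storage is left unchanged.
$result = false;
if ($checked) {
    $insert = mysqli_prepare($conn, "insert into users(username, password, email) values(?, ?, ?)");
    if ($insert !== false) {
        mysqli_stmt_bind_param($insert, "sss", $username, $password, $email);
        $result = mysqli_stmt_execute($insert);
        mysqli_stmt_close($insert);
    }
}
// Report the outcome; the "add" entry point and the plain registration form
// each have their own response.
if ($result) {
    if (isset($_REQUEST["add"])) {
        echo "";
    } else {
        echo "";
    }
} else {
    if (isset($_REQUEST["add"])) {
        echo "";
    } else {
        echo "";
    }
}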
} else if (isset($_REQUEST["change"])) {
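// Update an existing user's details.
// NOTE(review): the row to modify is selected by the request's "id", and nothing in
// this branch ties that id to the logged-in session user or checks that the new
// username is still free (the original author's comment flags this as a logic flaw).
// An ownership/role check and a uniqueness check belong here before the UPDATE.
$userid = $_REQUEST["id"];
$username = $_REQUEST["username"];
$email = $_REQUEST["email"];
// A non-empty password field means the password is being changed as well.
if (strlen($_REQUEST["password"]) > 0) {
    $password = $_REQUEST["password"];
    $password2 = $_REQUEST["password2"];
    // Strict comparison: loose != treats numeric-looking strings such as "1e3"
    // and "1000" as equal.
    if ($password !== $password2) {
        echo "";
        exit;
    }
    // Update username, password and e-mail. Values are bound as parameters so
    // request data never becomes part of the SQL text.
    // NOTE(review): the password is written as submitted (plaintext). Hashing it
    // must be coordinated with the login check, which is not fully visible here.
    $result = false;
    $stmt = mysqli_prepare($conn, "update users set username=?, password=?, email=? where id=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ssss", $username, $password, $email, $userid);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($result) {
        echo "";
    } else {
        echo "";
    }
} else {
    // Update username and e-mail only, again with bound parameters.
    $result = false;
    $stmt = mysqli_prepare($conn, "update users set username=?, email=? where id=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "sss", $username, $email, $userid);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($result) {
        echo "";
    } else {
        echo "";
    }
}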
} else if (isset($_REQUEST["del"])) {
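// Delete a user.
// NOTE(review): the row is selected by the request's "id" with no visible check
// that the caller is allowed to delete it. Because $_REQUEST also accepts GET,
// this state-changing action can be triggered by a plain link. Require POST, a
// CSRF token and a role/ownership check before deleting.
$userid = $_REQUEST["id"];
// The id is bound as a parameter so request data never becomes part of the SQL text.
$result = false;
$stmt = mysqli_prepare($conn, "delete from users where id=?");
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, "s", $userid);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
if ($result) {
    echo "";
} else {
    echo "";
}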
} else {
// None of the recognised action parameters was supplied: report an invalid operation.
print "错误操作";
}
?>