登录表格(login_form.php)
<form action="checkuser.php" class="reg-page" method="post" name="" id="">
<div class="reg-header">
<h2>Client Login</h2>
</div>
<div class="input-group" style="padding-bottom:20px">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" placeholder="Username" name="username" id="username" class="form-control">
</div>
<div class="input-group" style="padding-bottom:20px">
<span class="input-group-addon"><i class="fa fa-lock"></i></span>
<input type="password" placeholder="Password" name="password" id="password" class="form-control">
</div>
<div class="row">
<div class="col-md-6">
<button class="btn btn-success" name="submit" type="submit">Login</button>
</div>
</div>
<hr>
<h4>Forget your Password ?</h4>
<p>no worries, <a class="color-green" href="lostpw.php">click here</a> to reset your password.</p>
</form>
这是我的checkuser.php代码:
<?
/* Check User Script */
session_start(); // Start Session
include 'db.php';
// Convert to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password)){
/*echo "Please enter ALL of the information! <br />";*/
echo '<script type="text/javascript">alert("Please enter both username and password.");</script>';
include 'login_form.php';
exit();
}
// Convert password to md5 hash
$password = md5($password);
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email_address'] = $email_address;
mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
header("Location: login_success.php");
}
} else {
echo '<script type="text/javascript">alert("You could not be logged in! Either the username and password do not match or you have not validated your membership. Please try again.");</script>';
include 'login_form.php';
}
?>
这是我的会员页面启动的方式(login_success.php):
<?
include 'db.php';
session_start();
//checked whether the user is logged in or not
$user = $_SESSION['username'];
if($_SESSION['username'])
{
$user = $_SESSION['username'];
header("Location: login_form.php");
exit();
}
mysql_select_db('ibsclientlogin');
$sql="SELECT * FROM users";
$records=mysql_query($sql);
?>
这是我显示登录用户的db数据的页面部分:
<div class="row">
<?php
while ($users=mysql_fetch_assoc($records)){ ?>
<div class='col-md-6 col-sm-6 mobile-pad'>
<h3>Client Information</h3>
<ul>
<label>Contact First Name:</label> <?php echo $users['first_name']; ?><br>
<label>Contact Last Name:</label> <?php echo $users['last_name']; ?><br>
<hr>
<label>Company:</label> <?php echo $users['company']; ?><br>
<hr>
<label>Email:</label> <?php echo $users['email_address']; ?><br>
<label>Phone:</label> <?php echo $users['phone']; ?><br>
<hr>
<label>Username:</label> <?php echo $users['username']; ?><br><br>
<!--<a target="_blank" class="btn btn-success" href="">Change My Password</a>-->
</ul>
</div>
<div class='col-md-6 col-sm-6'>
<h3>Contract Information</h3>
<ul>
<label>Contract Start Date:</label> <?php echo $users['contract_start']; ?><br>
<label>Contract Expiration Date:</label> <?php echo $users['contract_end']; ?><br><br>
<a target="_blank" class="btn btn-success" href="mailto:sales@ibusinessresources.com?subject=iBusiness Resources Client Renewal Request - <?php echo $users['company']; ?>">Renew Me Now</a>
</ul>
<hr>
<h3>My Documents</h3>
<h5>
<ul>
<label>Agreement:</label> <a target="_blank" href="<?php echo $users['filename']; ?>"</a>Click to Download<br>
</ul>
</h5>
<hr>
<h3>Need Help?</h3>
<h5>
<ul>
<i class="fa fa-phone"></i><a href="tel:12109606788"> (210) 960-6788</a><br><br>
<i class="fa fa-envelope"></i><a href="mailto:sales@ibusinessresources.com"> sales@ibusinessresources.com</a><br>
</ul>
</h5>
</div>
<?php } ?>
</div>
但结果是我的成员页面显示了我数据库中的两个示例用户。我是一个将这段代码放在一起的菜鸟#34;孵化&#34;互联网上的代码。我似乎很接近,但这部分让我感到难过。
以下是成员页面的屏幕截图,其中包含两个用户数据的循环。
答案 0 :(得分:0)
嗯,成功登录后,在login_success.php中,您要求db中的所有用户记录:
$sql="SELECT * FROM users";
这不是你想要做的。
成功登录后,您将决定登录成功的权限。把你的业务逻辑放在那一点。
例如。如上所述
$sql="SELECT * FROM users WHERE username = '".$_SESSION['username']."'";
答案 1 :(得分:-1)
好的,所以你在这里遇到了一些不同的问题。
首先,您要在您定义的登录页面上检查您从未创建的会话变量$ _SESSION [&#39;用户名&#39;]:
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email_address'] = $email_address;
但从不使用用户名 - 首先,您需要添加$ _SESSION [&#39;用户名&#39;] = $ username;到您的登录脚本。
其次,你在这里检查确实存在 - 大概是你真的想要检查它是否存在:
//Currently, this says if $_SESSION['username'] does exist, then send them abck to the login screen!!
if($_SESSION['username'])
{
$user = $_SESSION['username'];
header("Location: login_form.php");
exit();
}
相反,if行应为
if (!isset($_SESSION['username'])){ ....
然后,如上所述,您的select语句将获取所有用户,因此您需要添加WHERE子句以仅获取当前用户:
$sql="SELECT * FROM users WHERE username = '".$_SESSION['username']."'";
那个shoudl会让你回到正轨!