使用session从数据库中检索数据

时间:2013-01-04 09:01:49

标签: php session fetch

您好我在这里阅读了主题并尝试以不同的方式进行,但我的问题仍未解决。我尝试存储会话并使用它从数据库中再次检索数据。我使用会话idmember并将其设置为变量,然后将其用于查询以回显他/她的名字和姓氏。我可以进入主页面,但用户名称不会回显它。 总结这里是如何工作的。 index>验证(验证)>学生/ index.php的

的functions.php

<?php 

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = true; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(); // regenerated the session, delete the old one.     
}



?>

index.php(主页)

<?php 
include ('include/functions.php');
sec_session_start();
include ('header.php');
?>
<title>Students Portal</title>
<div id="upper_row"><b>Announcement:</b></div>
    <div id="l_column"></div>

      <div id="r_column">
      <form action="authenticate.php" method="POST" name="loginform">
  <table width="100%">
      <tr>
        <th colspan="3" align="left">USER LOGIN<br /><hr /></th>
      </tr>
      <tr>
        <td width="72">Username:</td>
        <td width="212">
             <script type="text/javascript">
            function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
            function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
            </script> 
        <input type="text" value="Enter your School ID here" onfocus="blank(this)" onblur="unblank(this)" name="id" />
        </td>

      </tr>
      <tr>
         <td>Password:</td>
         <td><script type="text/javascript">
        function blank(a) { if(a.value == a.defaultValue) a.value = ""; }
        function unblank(a) { if(a.value == "") a.value = a.defaultValue; }
        </script> 
        <input type="password" value="Password" onfocus="blank(this)" onblur="unblank(this)" name="password" /></td>
      </tr>
      <tr>
        <td></td>
      <td rowspan="3" align="center"><input type="submit" name="login" value="Login" /></td>
      </tr>
  </table>

      </form>
      </div>


  <?php 
include "footer.php";
?>

authenticate.php

<?php
include ('include/conn.php');
include ('include/functions.php');
sec_session_start();
// username and password sent from form
if(isset($_POST['login'])) {    
        $user=$_POST['id'];
        $pass=$_POST['password'];

        // To protect MySQL injection (more detail about MySQL injection)
        $user = stripslashes($user);
        $pass = stripslashes($pass);
        $user = mysql_real_escape_string($user);
        $pass = mysql_real_escape_string($pass);
        $crypt_pass=md5($pass);
        //query from database
        $result=mysql_query("SELECT username,user_pass,user_id FROM tbl_user WHERE username ='$user' and user_pass='$crypt_pass'");
        $result2=mysql_fetch_row($result);
        // Mysql_num_row is counting table row
        $count=mysql_num_rows($result);

        //First Step of Validation
        //get the ip address of the user then the attempts
        $iptocheck = $_SERVER['REMOTE_ADDR'];
        $iptocheck = mysql_real_escape_string($iptocheck);
        $resultip = mysql_query("SELECT ip_address,login_attempts,username FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");
        $ipcount = mysql_num_rows($resultip);
        $rowx = mysql_fetch_row($resultip);

        if(mysql_num_rows($resultip) > 1) {
            //Already has some IP address records in the database
            //Get the total failed login attempts associated with this IP address
            if ($rowx['1'] > 3) {
                header("Location: index.php");
            }
        }
        //If none then insert it to the table
        else if ($ipcount == 0) {
            $loginattempts = 0;

            mysql_query("INSERT INTO tbl_sec_login (ip_address,login_attempts,username) VALUES ('$iptocheck','$loginattempts','$user')");
        }
        //Second step of validation
        //if count is equal to 1 then proceed to next condition
        if($count==1){
                //Third Step of Validation
                // If result matched $user and $crypt_pass, table row must be 1 row

                if ($user==$result2[0] AND $crypt_pass==$result2[1]){
                    $_SESSION['idmember'] = $_POST['id'];

                    $loginattempts = 0;
                    mysql_query("DELETE FROM tbl_sec_login WHERE ip_address = '$iptocheck' AND username='$user'");


                    if($result2[2]==3) {
                    header("Location: student/index.php?id=$user");
                    }elseif ($result2[2]==2) {
                    header("Location: epersonnel/index.php");
                    }elseif ($result2[2]==1) {
                    header("Location: admin/index.php");
                    }

                }else{
                    $loginattempts = $rowx['1'] + 1;

                    mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
                    header("Location: login.php");
                }

            } 
            else {
                $loginattempts = $rowx['1'] + 1;

                mysql_query("UPDATE tbl_sec_login SET login_attempts = '$loginattempts' WHERE ip_address = '$iptocheck' AND username='$user'");
                header("Location: login.php");
            }
        }

        else {
            header("Location: index.php");
            }


?>

学生/ index.php的

<?php
session_start(); 

if(!empty($_SESSION['idmember'])){
    header("Location: login.php");
}
require 'include/conn.php';
$id = $_SESSION['idmember'];
$query="SELECT first_name,last_name FROM tbl_studentmasterlist WHERE sid ='$id'";
$result=mysql_query($query);
$row = mysql_fetch_array($result);

include "header.php";
?>
<div id="s_l_column">
    <div id="i_location">
    Welcome, <br />
    <center><img name="" src="" width="185" height="135" alt=""> <br />
    &raquo; <?php echo $row['first_name']." ".$row['last_name'];?> </center>
    <hr />
    </div>

    <div id="side_menubar">
    </div>
</div>

<div id="s_r_column">

    <div class="menubar">
        <ul>
            <li><a href="#" class="leftEdge clearBorder">Home</a></li>
            <li><a href="#">Account Setting</a></li>
            <li><a href="#">Enrollment Guide</a></li>
            <li><a href="#">Enroll</a></li>
            <li><a href="#" class="rightEdge">Logout</a></li>
        </ul>                
    </div>

    <div id="b_contianer">

    </div>

</div>


<?php 
include "footer.php";
?>

1 个答案:

答案 0 :(得分:0)

当你已经设置了$ _SESSION ['idmember']变量时,为什么要重定向到login.php页面?这没有多大意义。

您的代码执行以下操作:

当您第一次调用index.php站点时,未设置会话变量“idmember”,因此不会显示名字和姓氏,因为您的查询不会返回任何结果。

这里的问题在于以下代码行(index.php):

if(!empty($_SESSION['idmember'])){
    header("Location: login.php");
}

如果您的会话变量'idmember'不为空,请在此检查。因此,每次使用'idmember'设置调用index.php时,您将被重定向到login.php。

要解决此问题,只需使用以下代码替换您的代码:

if (!isset($_SESSION['idmember'])){
    header("Location: login.php");
}

如果未设置会话变量'idmember',则检查用户是否将用户重定向到login.php页面(如果是)。用户成功登录后,用户再次调用index.php,您的查询将返回一个结果(前提是具有'idmember'值的用户实际存在...)。最后,应显示名字和姓氏。