我的会议似乎在不应该被破坏时被破坏

时间:2013-04-04 00:21:17

标签: php

我有一个页面有各种输入,他们输入一些文本,然后按提交,将他们输入的信息插入数据库...它工作正常,但当我将它们重定向回他们的主页(仅适用于登录用户)我的网站实际上将他们带回到索引页面(可供所有人使用),并显示消息“您必须登录才能执行此操作...”

然后我重新登录以检查我输入的内容是否已发布,它是...并且它是作为我的名字发布的,这告诉我至少插入了我的帖子的页面存储了我的会话< / p>

我已经检查了我的代码,以确保我传递会话变量,我似乎正在做正确的事情。

以下是我在主页上确保用户已登录的内容:

<?php session_start(); ?>
<?php
    if (!isset($_SESSION['id'])){
        header("Location: index.php?message=You Must Log in to go there!");
    }
?>

以下是insert-post.php页面的代码:

<?php session_start(); ?>
<?php require_once("../includes/include_all.php"); ?>
<?php


    #myslqi connection
    $con = new mysqli(host,db_username,db_password, db_name);

    #THE POST VARIABLES
    $content = $con->real_escape_string($_POST['content']);
    $details = $con->real_escape_string(nl2br($_POST['details']));
    $user_id = $_SESSION['id'];
    $subjectArray = explode(',', $_POST['subject']);
    $bonus = $_POST['bonus'];
    #DATES
    $date = date('Y-m-d G:i:s', time());
    $date_expires = date('Y-m-d G:i:s', time() + (3600*4)); 
    #photo
    $photo_name = $_POST['photo_name'];


    #cost of this post
    $cost = $bonus+200;


    #insert the question

    $query = "INSERT INTO questions 
                (content, award, image, details, user_id, category, sub_category, date_created, date_expires, alive) 
                    VALUES ('".$content."', 
                                    '".$bonus."',
                                    '".$photo_name."',
                                    '".$details."',
                                    '".$_SESSION['id']."', 
                                    '".$subjectArray[1]."',
                                    '".$subjectArray[0]."',
                                    '".$date."',
                                    '".$date_expires."',
                                    1)
                    ";
    $insert_question = $con->query($query);

    if (!$insert_question){
        die("Could not enter the question [" .$con->error . "]");
    } else{
        header("Location: ".document_root."home.php?query=questions&message=Your question post was successful!");
    }

?>

标题会带您回到带有query = questions的主页,这些问题只会显示您最近发布的帖子并留下您的消息...它位于同一页面上,该页面具有用户登录的验证...

编辑: 登录验证代码:

#check for user via username/password
public function can_log_in($inputs){


   $query = "SELECT * FROM users WHERE user_name = '".$inputs['user_name']. "' AND password = '".$inputs['password']."'";
   $result = $this->con->query($query);
   if (!$result){
     die("Not performing query [" .$this->con->error);
   }
   if ($result->num_rows == 1){
    #start session
    $_SESSION['id'] = $this->get_user_id($inputs['user_name']);
    $_SESSION['user'] = $inputs['user_name'];
        return true;
    } else{
        return false;
        }
}

AND get user_id函数

#fetch user id
public function get_user_id($username){
     $query = "SELECT * FROM users WHERE user_name = '".$username."'";
     $result = $this->con->query($query);
     while ($row = $result->fetch_assoc()){
    return $row['id'];
     }
}

这些在User类

0 个答案:

没有答案
相关问题
最新问题