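I have been trying to fix this code for the past 4 hours and can't seem to get it to work. The $_SESSION variables are set when the user logs in (or creates an account) and destroyed on logout. However, when I submit a certain form, the $_SESSION variables that were previously working suddenly throw an undefined variable error. I apologize for the large amount of content, but after doing my due diligence I have concluded that I cannot find it on my own and must ask others for help.
The relevant code, in the order it is called by the user's actions.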
<?php
include 'db_connect.php';
include 'functions.php';
session_start();
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$_SESSION['sessionInitialize'] = false;
// To protect mysqli injection (more detail about mysqli injection)
//$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$mypassword = md5(md5("SaLt".$mypassword."SaLt"));
$query = "SELECT * FROM secure_login.members WHERE username='" . $myusername . "' and password='" . $mypassword . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
// If result matched $myusername and $mypassword, table row must be 1 row
if($result->num_rows == 1){
initializeSessionVariables();
// Register $myusername, $mypassword and redirect to file "acct.php"
$_SESSION['currentUser']=$_POST['myusername'];
//$_SESSION['mypassword']=$_POST['mypassword'];
header("location:myAcct.php");
}
else {
echo "Wrong Username or Password";
header("location:index.php");
}
$mysqli->close();
?>
The function that initializes the relevant session variables for the user.
function initializeSessionVariables(){
$_SESSION['currentUser'] = $_SESSION['currentUser'];
$_SESSION['currentUserAcctId'] = "";
$_SESSION['currentUserSummonerId'] = "";
$_SESSION['currentUserLeagues'] = "";
$_SESSION['currentUserEmail'] = "";
$_SESSION['currentUserAvatarURL'] = "";
$_SESSION['currentUserSummName'] = "";
$_SESSION['currentUserRealName'] = "";
$_SESSION['currentUserBday'] = "";
$_SESSION['currentUserSecondEmail'] = "";
}
The account page.
<?php
$summonerName=$_SESSION['currentUser'];
echo "Current User: " . $_SESSION['currentUser'] . "<br>";
echo "<br>Current User \$summonerName: " . $summonerName;
//Create prepared statement.
$query = "SELECT * FROM `stats`.`summoners` WHERE `summoners`.`name`='" . $summonerName . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
echo "<br>test<br><br>";
Print_r ($result);
//Run query if query object returned
if ($result->num_rows == 0){
echo "<h1>=0</h1>";
//Free the result so it can be used in the following functions
$result->free();
getSummonerData(); //defined in functions.php
injectSummonerData(); //defined in functions.php
$query = "SELECT * FROM `stats`.`summoners` WHERE name='" . $summonerName . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
//Get associative array for $result
$row = $result->fetch_assoc();
$_SESSION['currentUserAcctId'] = $row['acctId'];
//Print data.
printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
//Close result object
//$result->close();
echo "<br>";
//Close DB Connection
$mysqli->close();
}
else if($result->num_rows == 1){
echo "<h1>=1</h1>";
$row = $result->fetch_assoc();
$_SESSION['currentUserAcctId'] = $row['acctId'];
printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
echo "<br><h4>This data is already in the database. Did nothing.</h4>";
}
echo "<br>" . $_SESSION['currentUserAcctId'];
?>
Profile.php
<p>Profile info</p>
<?php
displayProfileInformation($_SESSION['currentUser']);
?>
displayProfileInformation Function
function displayProfileInformation($currentUser){
include 'dbstat_connect.php';
$query = "SELECT * FROM `stats`.`userAccount` where `userAccount`.`profName` = '" . $currentUser ."'";
if ($result = $mysqli->query($query) or die ($mysqli->error.__LINE__)){
if ($result->num_rows == 1){
$row = $result->fetch_assoc();
echo "User Name: "; if(isset($currentUser)){echo $currentUser . "<br>";}
echo "Email: "; if(isset($row['email'])){echo $row['email'] . "<br>"; $_SESSION['currentUserEmail'] = $row['email'];}
echo "Avatar URL: "; if(isset($row['avatarURL'])){echo $row['avatarURL'] . "<br>"; $_SESSION['currentUserAvatarURL'] = $row['avatarURL'];}
echo "Summoner Name: "; if(isset($row['summName'])){echo $row['summName'] . "<br>"; $_SESSION['currentUserSummName'] = $row['summName'];}
echo "Real Name: "; if(isset($row['realName'])){echo $row['realName'] . "<br>"; $_SESSION['currentUserRealName'] = $row['realName'];}
echo "Birthdate: "; if(isset($row['bday'])){echo $row['bday'] . "<br>"; $_SESSION['currentUserBday'] = $row['bday'];}
echo "Secondary Email: "; if(isset($row['secondEmail'])){echo $row['secondEmail'] . "<br>"; $_SESSION['currentUserSecondEmail'] = $row['secondEmail'];}
echo "<br>Dafuq yo =1";
}
else if ($result->num_rows == 0){
echo "Dafuq yo =0";
echo "User Name: " . $currentUser . "<br>";
echo "Email: <br>";
echo "Avatar URL: <br>";
echo "Summoner Name: <br>";
echo "Real Name: <br>";
echo "Birthdate: <br>";
echo "Secondary Email: <br>";
echo "<h2>Enter what information you like by editing your profile below.</h2><br>";
}
else {
echo "Critical Error: Contact Admin.";
}
}
}
editProfile.php
Edit Profile
<?php editProfileInformationForm($_SESSION['currentUser']); ?>
editProfileInformationForm function
function editProfileInformationForm($currentUser){
echo "<form action='processEditProfile.php' method='post'>";
echo "Profile Name: " . $_SESSION['currentUser'] . "<br>";
echo "Account ID: " . $_SESSION['currentUserAcctId'] . "<br>";
if (isset($_SESSION['currentUserEmail'])){
echo "Email: <input name='email' type='text' id='email' value='" . $_SESSION['currentUserEmail'] . "'/><br />";
}
else {
echo "Email: <input name='email' type='text' id='email' value=''/><br />";
}
if (isset($_SESSION['currentUserSecondEmail'])){
echo "Secondary Email: <input name='secEmail' type='text' id='secEmail' value='" . $_SESSION['currentUserSecondEmail'] . "' /><br />";
}
else {
echo "Secondary Email: <input name=secEmail type='text' id=secEmail value=''/><br />";
}
if (isset($_SESSION['currentUserRealName'])){
echo "Real Name: <input name='realName' type='text' id='realName' value='" . $_SESSION['currentUserRealName'] . "' /><br />";
}
else {
echo "Real Name: <input name='realName' type='text' id='realName' value=''/><br />";
}
if (isset($_SESSION['currentUserAvatarURL'])){
echo "Avatar: <input name='avatar' type='text' id='avatar' value='" . $_SESSION['currentUserAvatarURL'] . "'/><br />";
}
else {
echo "Avatar: <input name='avatar' type='text' id='avatar' value=''/><br />";
}
if (isset($_SESSION['currentUserSummName'])){
echo "Summoner Name: <input name='summName' type='text' id='summName' value='" . $_SESSION['currentUserSummName'] . "'/><br />";
}
else {
echo "Summoner Name: <input name='summName' type='text' id='summName' value=''/><br />";
}
if (isset($_SESSION['currentUserBday'])){
echo "Birthday: <input name='bday' type='text' id='bday' value='" . $_SESSION['currentUserBday'] . "'/><br />";
}
else {
echo "Birthday: <input name='bday' type='text' id='bday' value=''/><br />";
}
echo "<small>(Bday Format~ YYYY-MM-DD)</small>";
echo "<input type='submit' name='submit' value='Submit'>";
echo "</form>";
}
Finally, this is where the 2 $_SESSION variables throw the error. There seems to be no reason for it, which is why I am coming to you guys.
<?php
include 'dbstat_connect.php';
//include 'functions.php';
//echo $_SESSION['currentUser'] . "<br>";
//If stmt valid, prepare to insert profile info into `userAccount`
if ($stmt = $mysqli->prepare("INSERT INTO `stats`.`userAccount` values (". $_SESSION['currentUserAcctId'] . ", "
. $_SESSION['currentUser'] . ", ?, ?, ?, ?, ?, ?, NULL, NULL, NULL, NULL, NULL)")){
//Bind paramaters
if($stmt->bind_param('ssssss', $_POST['email'], $_POST['avatar'], $_POST['summName'],
$_POST['realName'], $_POST['bday'], $_POST['secEmail'])){
//Execute the query. If true, show proof. If false, display error.
if($stmt->execute()){
//Show proof of insertion
echo "<h4>Your data has been inserted.</h4>";
}
//Check if stmt returned an error.
else{
Print_r ($stmt->get_warnings());
}
//Close statement
$stmt->close();
}
//If $stmt statement returns an error, say so
else if(!$stmt){
printf ("Error: %s", $mysqli->error);
}
//Close DB Connection
$mysqli->close();
}
echo $_POST['email'];
?>
I really hope someone can help me. I have been stuck on this for a long time.
Answer 0 (score: 3)
It looks like you forgot to call session_start(); in your last file ;)
$query = "SELECT * FROM secure_login.members WHERE username='" . $myusername . "' and password='" . $mypassword . "'";
By the way, this query is insecure and not protected against MySQL injection.
You should use something like the following:
$query = "SELECT * FROM secure_login.members WHERE username='" . $mysqli->real_escape_string($myusername) . "' and password='" . $mysqli->real_escape_string($mypassword) . "'";
On $mypassword the escape function is probably unnecessary, since this value is hashed.
Answer 1 (score: 1)
Are you sure you have
session_start();
in all the files involved in this case?
If you want to use the $_SESSION variables across these pages, you must have it.
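A hardened version of the question's final form handler, as an added example that is not part of the original question or either answer: it calls session_start() first, as both answers advise, stops when no logged-in session is present, and binds the two session values as parameters instead of concatenating them into the SQL. It assumes dbstat_connect.php defines $mysqli and keeps the positional column order of the question's INSERT.

```php
<?php
// Added example: hardened variant of the form handler from the question.
// session_start() must run before any read of $_SESSION in every script.
session_start();

// Assumption: dbstat_connect.php defines $mysqli, as in the question.
include 'dbstat_connect.php';

// Stop early if the login state is missing instead of reading undefined keys.
if (!isset($_SESSION['currentUser'], $_SESSION['currentUserAcctId'])) {
    header('Location: index.php');
    exit;
}

// Same positional column order as the question's INSERT, but the two session
// values are bound as parameters too, not concatenated into the SQL text.
$sql = "INSERT INTO `stats`.`userAccount` VALUES "
     . "(?, ?, ?, ?, ?, ?, ?, ?, NULL, NULL, NULL, NULL, NULL)";

// With PHP 8.1+ defaults mysqli throws mysqli_sql_exception instead of
// returning false; the checks below cover the non-exception mode.
$stmt = $mysqli->prepare($sql);
if ($stmt === false) {
    error_log('prepare failed: ' . $mysqli->error); // detail stays server-side
    http_response_code(500);
    exit('Could not save profile.');
}

// bind_param() takes its arguments by reference, so copy into variables first.
$acctId    = (string) $_SESSION['currentUserAcctId'];
$profName  = (string) $_SESSION['currentUser'];
$email     = $_POST['email'] ?? '';
$avatar    = $_POST['avatar'] ?? '';
$summName  = $_POST['summName'] ?? '';
$realName  = $_POST['realName'] ?? '';
$bday      = $_POST['bday'] ?? '';
$secEmail  = $_POST['secEmail'] ?? '';
$stmt->bind_param('ssssssss', $acctId, $profName, $email, $avatar,
    $summName, $realName, $bday, $secEmail);

if ($stmt->execute()) {
    echo "<h4>Your data has been inserted.</h4>";
} else {
    error_log('execute failed: ' . $stmt->error);
    echo 'Could not save profile.';
}
$stmt->close();
$mysqli->close();
```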