目前尝试运行查询,我设法让它只使用添加确切的用户名,但当我尝试使用当前查询来使用$ _Session标识的用户名时,它不起作用。
<?php
include ("config.php");
session_start();
$username = $_SESSION['username'];
$stmt = $db->exec ("UPDATE users SET lastlogindate = NOW() WHERE username = '$username'");
?>
编辑 - Login.php代码
<?php
require("config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); }
$login_ok = false;
$row = $stmt->fetch();
if($row){
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++){
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']){
$login_ok = true;
}
}
if($login_ok){
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: main.php");
die("Redirecting to: main.php");
}
else{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
};
?>
答案 0 :(得分:3)
您在login.php中将$row设置为$_SESSION['user'],然后错误地通过$_SESSION['username']获取,您应该使用$_SESSION['user']。
试试这个:
<?php
include ("config.php");
session_start();
$username = $_SESSION['user'];
$stmt = $db->prepare("UPDATE users SET lastlogindate = NOW() WHERE username = ?");
$stmt->bindParam(1, $username['username']);
$stmt->execute();
?>