我被困在注册和登录脚本上,出于某种原因,无论我登录的是谁,我的$ user_id都会返回0。我一遍又一遍地浏览代码,由于某种原因,会话似乎没有从数据库中获取用户ID。
我看了一眼,有几个人遇到过这个问题和他们的修复,如果有任何问题被证明对我不利。
的init.php
<?php
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email');
}
$errors = array();
?>
功能/ users.php
<?php
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_data($user_id)
{
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if($func_num_args > 0)
{
unset($func_get_args[0]);
$fields = '`' . implode('', $func_get_args) . '`';
// check the query executed. mysql_query returns false if there is an error
if(($result = mysql_query("SELECT '".$fields."' FROM `users` WHERE `user_id` = '".$user_id."'")) !== false)
{
// check that the query did actually return any results
if(mysql_num_rows($result))
{
return mysql_fetch_assoc($result); // return the result
}
// query didn't return any results
else
{
echo 'user_data() query returned no results!';
}
}
// query has failed find out why using msyql_error();
else
{
echo 'user_data() query has failed - ' . mysql_error();
}
}
return false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `active` = 1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = MD5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'"), 0) == 1) ? '".$user_id."' : false;
}
?>
的login.php
<?php
include 'core/init.php';
if (empty ($_POST) === false) {
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and or password';
}else if (user_exists ($username) === false) {
$errors[] = 'Your username is not registered on our server. Have you <a href = register.php> registered?</a>';
}else if (user_active ($username) === false) {
$errors [] = 'You need to activate your account!';
}else {
if (strlen($password) > 32) {
$errors[] = 'password too long';
}
$login = login($username, $password);
if ($login == false){
$errors[] = 'Username or password is incorrect';
} else {
$_SESSION['user_id'] = $login;
header ('LOCATION: index.php');
exit();
}
}
}else {
$errors[] = 'no data';
}
include 'includes/overall/header.php';
if (empty($errors) === false) {
?>
<h2>We tried to log you in, BUT...</h2>
<?php
}
echo output_errors($errors);
include 'includes/overall/footer.php';
?>
如果你知道如何解决这个问题,如果你遇到同样的问题,我将非常感激!我一直把头发拉到这个哈哈上面。
谢谢!
答案 0 :(得分:1)
确保在内爆时使用一些胶水:
$fields = implode(', ', $func_get_args);
至少可以修复某些东西。我没有你所有的require
'文件,或者你的数据库架构,所以我不能肯定地说。
答案 1 :(得分:0)
您的问题出在登录功能
中// WRONG
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'"), 0) == 1) ? '".$user_id."' : false;
mysql_query()函数返回资源,如果失败或没有结果,则返回false。你的假设是它返回1.
$result = mysql_query("SELECT * FROM mytale WHERE somecondition");
$num_rows = mysql_num_rows($result);
注意强>: 你的代码编写得非常糟糕,因为它不安全,SO本身可能有几千个警告,要求人们不要像登录查询那样获取登录信息。请更新您的查询。
答案 2 :(得分:0)
改变这个:
unset($func_get_args[0]);
$fields = '`' . implode('', $func_get_args) . '`';
// check the query executed. mysql_query returns false if there is an error
if(($result = mysql_query("SELECT '".$fields."' FROM `users` WHERE `user_id` = '".$user_id."'")) !== false)
{
// check that the query did actually return any results
if(mysql_num_rows($result))
{
return mysql_fetch_assoc($result); // return the result
}
// query didn't return any results
else
{
echo 'user_data() query returned no results!';
}
}
到此:
$query = mysql_query("SELECT user_id, username, password, email FROM users WHERE user_id = '".mysql_real_escape_string($user_id)."'");
if($query && mysql_num_rows($query))
{
return mysql_fetch_assoc($query); // return the result
} else {
// no results or error..
}