PHP获取当前登录用户的电子邮件

时间:2014-03-29 16:49:36

标签: php html mysql email

我有问题。我想收到用户的电子邮件,email是我数据库中名为users的表中的特殊列。我创建了一个运行良好的登录系统,但我仍然希望获得当前登录用户的电子邮件。

我是php和mysql的新手。 :(

这是我在login.php中的代码:

<?php

require 'Mysql.php';

class Membership {

//Check if input is correct
function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    //input correct
    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION["username"] = $un;
        $_SESSION["email"] = $ensure_credentials['email'];
        header("location: ?status=authorized");
    } 




function log_User_Out() {
    if(isset($_SESSION['status'])) {
        unset($_SESSION['status']);

        if(isset($_COOKIE[session_name()])) 
            setcookie(session_name(), '', time() - 10000);
            session_destroy();
    }

    if(isset($_SESSION["username"])) {
        unset($_SESSION["username"]);
    }

    if(isset($_SESSION["email"])) {
        unset($_SESSION["email"]);
    }
}
}

来自Mysql.php:

<?php

require "/data/logindata/constants.php";

class Mysql {

private $conn;


function __construct() {
    $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
                  die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {

    $query = "SELECT *
    FROM users
    WHERE username = ? AND password  = ?
    LIMIT 1";

    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();
        $stmt->bind_result($username, $email); // the columns fetched with SELECT *

        if (!$stmt->fetch()) {
            return false;
        }

        return array(
            'username'    => $username,
            'email'     => $email
        );
    }
    return false;
}

}

2 个答案:

答案 0 :(得分:5)

您可以使用verify_Username_and_Pass函数返回一些用户数据,而不是返回布尔值。在那里,您可以包含经过身份验证的用户的电子邮件:

function verify_Username_and_Pass($un, $pwd) {

  $query = "SELECT username, password
    FROM users
    WHERE username = ? AND password  = ?
    LIMIT 1";

  if($stmt = $this->conn->prepare($query)) {
    $stmt->bind_param('ss', $un, $pwd);
    $stmt->execute();
    $stmt->bind_result($username, $email); // the columns fetched with SELECT *

    if (!$stmt->fetch()) {
      return false;
    }

    return array(
      'username'    => $username,
      'email'     => $email
    );
  }
  return false;
}

....

$ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

//input correct
if($ensure_credentials) {
    $_SESSION['status'] = 'authorized';
    $_SESSION["username"] = $un;
    $_SESSION["email"] = $ensure_credentials['email'];
    header("location: ?status=authorized");
} 

答案 1 :(得分:-2)

首先要确保清理最终用户插入的每个变量。 清理变量以避免SQL注入非常重要。

然后在Session变量用户上我将保存用户ID并获取他/她的电子邮件我将创建一个应该收到会话ID的函数来返回电子邮件。

现在我要编写一些有用的功能:

function logged() {
return (isset($_SESSION['id_user'])) ? true : false;
}

function getEmail($userId) {
    $userId = sanitize(userId);
    $query = "SELECT userEmail FROM users WHERE id_user =" . $userId;
    $name = mysql_result(mysql_query($query), 0);
    return $name;
}

function sanitize($data) {
    return mysql_real_escape_string($data);
}