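I have some code written in PHP. I wrote it so that when a user logs in successfully, their username is saved in the session, and I can then echo $_SESSION['user_name']. I was wondering if someone could help me with a few lines of code so that when the user logs in I can also retrieve the user_id or user_email for just that user, and be able to echo it on another page.
This is what I have so far, but it doesn't echo what I want.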
$this->db_connection = new mysqli('localhost', 'root', '1', 'test');
// create a database connection, using the constants from config/db.php (which we loaded in index.php)
if ($this->db_connection->connect_errno) {
    echo "Connection Failed " . $this->db_connection->connect_errno . "";
}
// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
    // escape the POST stuff
    $this->user_name = $this->db_connection->real_escape_string($_POST['user_name']);
    $this->user_password = $this->db_connection->real_escape_string($_POST['user_password']);
    // database query, getting all the info of the selected user
    $sql = "SELECT user_name, user_password, user_email
            FROM members
            WHERE user_name = '{$this->user_name}' AND user_password = '{$this->user_password}'";
    $query = $this->db_connection->query($sql);
    $result = $query->fetch_object();
    // if the username exists and if the password is a correct match
    if (($query->num_rows == 1) && ($this->user_password === $result->user_password)) {
        while ($row = mysqli_fetch_assoc($query)) {
            echo $row['user_email'];
        }
        $_SESSION['user_name'] = $result->user_name;
        $_SESSION['user_logged_in'] = 1;
        $_SESSION['user_login_status'] = 1;
        setcookie("_time", "cookie_value", time() + 3600);
        // redirect to this page if the user has logged in successfully
        header("Location: testing.php");
    }
}
I tried putting the while loop in different parts of the function, but it still doesn't work.
Answer 0: (score: 1)
session_start();
$_SESSION['user_name'] = $result->user_name;
$_SESSION['user_email'] = $result->user_email;
or just
$_SESSION = $result;
if you have done fetch_assoc instead of fetch_object.
I suggest you use an auth key and store it in the session; that is better than doing user_logged_in, which is very insecure.
/**
 * Returns an encrypted & utf8-encoded
 */
function encrypt($pure_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

/**
 * Returns decrypted original string
 */
function decrypt($encrypted_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}
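This is for encryption and decryption. When the user logs in, modify the SQL and add a random value to the encryption. Also store it in the session. When checking whether the user is logged in, select the key from the db using the username and compare it with the current session key.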
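// strict comparison: with != PHP compares numeric-looking strings as numbers, so "0e1" would equal "0e2"
if ($result->key !== $_SESSION["auth_key"]) {
    // do whatever
}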
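
An added example, not part of the original question or answer: one way to keep user_id and user_email in the session at login and to apply the auth-key check the answer describes. It assumes PDO with an in-memory SQLite table as a constructed stand-in for the `members` table, a prepared statement with password_hash()/password_verify() in place of the escaped plaintext comparison, and random_bytes() with hash_equals() in place of mcrypt (removed in PHP 7.2); the user_id and auth_key columns, the function names and the sample user are assumptions.

```php
<?php
// Constructed stand-in for the page's MySQL `members` table (SQLite, in memory).
// The user_id and auth_key columns and the sample user are assumptions.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
               user_password TEXT, user_email TEXT, auth_key TEXT)');
    $db->prepare('INSERT INTO members (user_name, user_password, user_email) VALUES (?, ?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'alice@example.test']);
    return $db;
}

// On success, stores user_id, user_name, user_email and a fresh auth key in $session.
function login(PDO $db, array &$session, string $name, string $password): bool {
    $stmt = $db->prepare('SELECT user_id, user_name, user_password, user_email
                          FROM members WHERE user_name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // fetch the row once and reuse it
    if ($row === false || !password_verify($password, $row['user_password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // new session id after login
    }
    $key = bin2hex(random_bytes(32));         // per-login random key from the CSPRNG
    $db->prepare('UPDATE members SET auth_key = ? WHERE user_id = ?')
       ->execute([$key, $row['user_id']]);
    $session = ['user_id' => (int) $row['user_id'], 'user_name' => $row['user_name'],
                'user_email' => $row['user_email'], 'auth_key' => $key];
    return true;
}

// True only if the session's key matches the key stored for that user.
function is_logged_in(PDO $db, array $session): bool {
    if (!isset($session['user_id'], $session['auth_key']) || !is_string($session['auth_key'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT auth_key FROM members WHERE user_id = ?');
    $stmt->execute([$session['user_id']]);
    $stored = $stmt->fetchColumn();
    return is_string($stored) && hash_equals($stored, $session['auth_key']);
}

$db = demo_db();
$session = [];                                // in a web request: session_start(), then pass $_SESSION
var_dump(login($db, $session, 'alice', 'wrong password'));
var_dump(login($db, $session, 'alice', 'correct horse'), $session['user_email']);
var_dump(is_logged_in($db, $session));
```

Because each login overwrites auth_key in the table, a session created by an earlier login stops passing is_logged_in() as soon as the same user logs in again.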