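I have a login script in which the redirect page depends on the user's role: if it is an admin it goes to admin.php, if it is a tester it goes to tester.php. So in the first session variable I store the user role, and in my other session variable, the logged-in one, I store the username. In my database I have more fields from the user profile, and what I want is for the first name and last name to be shown when the user is logged in.
You can see my verification script here.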
<?php
session_start();
$mysqli=new MySQLi("localhost", "root", "root", "portfolio");
$role="";
$username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
if($query=$mysqli->prepare("SELECT `role` FROM members WHERE username=? AND password=?"))
{
    $query->bind_param("ss", $username, $password);
    $query->execute();
    $query->bind_result($role);
    $query->fetch();
}
else
{
    echo "Errors in the Query. ".$mysqli->error;
    die();
}
if($role!="")
{
    $_SESSION['ingelogt']=$username;
    $_SESSION['user_role']=$role;
    $location="$role.php"; // If role is admin this will be admin.php, if student this will be student.php and more.
    header("location: $location"); // Redirect to the respective pages.
}
else
{
    echo "Invalid password, username combination";
}
?>
Here is the page the admin is redirected to after a successful login.
<?php
session_start();
if(!isset($_SESSION['ingelogt']))
{
    header("location: index.php"); // The user is not logged in. Redirect him to the login page.
    exit; // Stop here so the rest of the page never runs for a visitor who is not logged in.
}
$page_role="admin"; // This must be admin for admin.php and student for student.php and similar
$role=$_SESSION['user_role'];
if($role!=$page_role) // If student come to admin page by mistake or admin to student and similar
{
    echo "You are not supposed to be here.";
    die();
}
$dom = new DOMDocument();
libxml_use_internal_errors(true);
$dom->loadHTMLFile("admin.html");
libxml_use_internal_errors(false);
if($_SESSION['user_role']) {
    $oUl = $dom->getElementById('navUl');
    $oList = $dom->createElement('li');
    $oLink = $dom->createElement('a');
    $oLink->setAttribute('href','logout.php');
    $oI = $dom->createElement('i');
    $oI->setAttribute('class','icon-logout');
    $oLink->appendChild($oI);
    $oList->appendChild($oLink);
    $oUl->appendChild($oList);
}
echo $dom->saveHTML();
?>
So what I want is that when the user is logged in, his first name and last name are shown. I hope someone can help me.
Updated files: verify.php
<?php
session_start();
// Making a connection with the database.
$mysqli=new MySQLi("localhost", "root", "root", "portfolio");
$role="";
// Declaring the username and password input.
$username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
// If role from members where username and password from inputs exists in database, bind parameters.
// If given parameters do not exist in database, die.
if($query=$mysqli->prepare("SELECT `id`,`role` FROM members WHERE username=? AND password=?")) {
    $query->bind_param("ss", $username, $password);
    $query->execute();
    $query->bind_result($id, $role);
    $query->fetch();
} else {
    echo "Errors in the Query. ".$mysqli->error;
    die();
}
// If $role is filled make session for username to check if logged in and session role for redirect page.
// If $role and $username is not filled invalid password, username combination.
if($role!="") {
    $_SESSION['ingelogt']=$username;
    $_SESSION['user_role']=$role;
    $_SESSION['user_id']=$id;
    $location="$role.php";
    header("location: $location");
} else {
    echo "Invalid password, username combination";
}
?>
And admin.php
<?php
session_start();
// If session is not ingelogt lead back to index.php.
if(!isset($_SESSION['ingelogt'])) {
    header("location: index.php");
    exit; // Stop here so the rest of the page never runs for a visitor who is not logged in.
}
// The role that has access to this page.
$page_role="admin";
$role=$_SESSION['user_role'];
// If a user with a different role visits wrong page.
if($role!=$page_role)
{
    echo "You are not supposed to be here.";
    die();
}
// Start new DOMDocument and load html file.
$dom = new DOMDocument();
libxml_use_internal_errors(true);
$dom->loadHTMLFile("admin.html");
libxml_use_internal_errors(false);
// If user is logged in add log out icon in the menu.
if($_SESSION['ingelogt']) {
    $oUl = $dom->getElementById('navUl');
    $oList = $dom->createElement('li');
    $oLink = $dom->createElement('a');
    $oLink->setAttribute('href','logout.php');
    $oI = $dom->createElement('i');
    $oI->setAttribute('class','icon-logout');
    $oLink->appendChild($oI);
    $oList->appendChild($oLink);
    $oUl->appendChild($oList);
}
// Save DOMDocument with html document.
echo $_SESSION['user_id'];
echo $dom->saveHTML();
?>
Answer 0 (score: 0)
What you want is to keep the user ID in $_SESSION, so modify your query:
SELECT `id`,`role` FROM members WHERE username=? AND password=?
Then, the same way you added $role, just add $id,
$_SESSION['userID'] = $id;
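Then on the next page you can use $_SESSION['userID'] to query the information you need.
As a side note, consider using password_hash() so that your passwords are not stored in plaintext in the database.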
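The password_hash() suggestion above, combined with keeping the user's id and name in the session, as an added example that is not part of the original question or answers. It assumes a hypothetical `password_hash` column next to `firstname`/`lastname`, uses an in-memory SQLite table through PDO instead of the page's MySQLi connection so it runs stand-alone, and `verify_login()` and the `ROLE_PAGES` allow-list are hypothetical names.

```php
<?php
// Added example: constructed schema and data, not the poster's database.
const ROLE_PAGES = ['admin' => 'admin.php', 'tester' => 'tester.php']; // allow-list of redirect targets

function verify_login(PDO $db, string $username, string $password): ?array
{
    // Look the user up by username only; the password is checked against its hash in PHP.
    $stmt = $db->prepare(
        'SELECT id, role, firstname, lastname, password_hash FROM members WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return null; // same answer for unknown user and wrong password
    }
    $page = ROLE_PAGES[(string) $row['role']] ?? null;
    if ($page === null) {
        return null; // unknown role: never build the redirect from raw column data
    }
    return [
        'session' => [
            'ingelogt'       => $username,
            'user_id'        => (int) $row['id'],
            'user_role'      => $row['role'],
            'user_firstname' => $row['firstname'],
            'user_lastname'  => $row['lastname'],
        ],
        'location' => $page,
    ];
}

// Constructed in-memory table so the example runs from the CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, role TEXT, firstname TEXT, lastname TEXT)');
$ins = $db->prepare('INSERT INTO members (username, password_hash, role, firstname, lastname) VALUES (?,?,?,?,?)');
$ins->execute(['jdoe', password_hash('correct horse', PASSWORD_DEFAULT), 'admin', 'Jane', '<b>Doe</b>']);

var_dump(verify_login($db, 'jdoe', 'wrong') === null);
$login = verify_login($db, 'jdoe', 'correct horse');
// In verify.php: session_regenerate_id(true); $_SESSION = $login['session'];
//                header('Location: ' . $login['location']); exit;

// On the role page, escape the name when writing it into HTML.
$s = $login['session'];
echo htmlspecialchars($s['user_firstname'] . ' ' . $s['user_lastname'], ENT_QUOTES, 'UTF-8'), "\n";
```

When the name is added through the page's DOMDocument instead of `echo`, `$dom->createTextNode()` gives the same escaping.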
Answer 1 (score: 0)
You can get the firstname and lastname from the db and store them in SESSION:
<?php
session_start();
$mysqli=new MySQLi("localhost", "root", "root", "portfolio");
$role="";
// add lastname & firstname
$lastname="";
$firstname="";
$username=filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password=filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
// get lastname & first name with select
if($query=$mysqli->prepare("SELECT `role`,`firstname`,`lastname` FROM members WHERE username=? AND password=?"))
{
    $query->bind_param("ss", $username, $password);
    $query->execute();
    $query->bind_result($role,$firstname, $lastname);
    $query->fetch();
}
else
{
    echo "Errors in the Query. ".$mysqli->error;
    die();
}
if($role!="")
{
    $_SESSION['ingelogt']=$username;
    $_SESSION['user_role']=$role;
    // save to session
    $_SESSION['user_lastname']=$lastname;
    $_SESSION['user_firstname']=$firstname;
    $location="$role.php"; // If role is admin this will be admin.php, if student this will be student.php and more.
    header("location: $location"); // Redirect to the respective pages.
}
else
{
    echo "Invalid password, username combination";
}
?>
Then on the admin page, pull the names from SESSION and put them on the page.
Answer 2 (score: 0)
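Here you just need a session variable to store the user's first and last name.
Change the SELECT query:
"SELECT `role`,`firstname`,`lastname` FROM members WHERE username=? AND password=?"
Then if the query returns any rows, i.e. for a valid user,
store those values in the Session, and then use them on all other pages to display the first and last name.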