我有这个php脚本无法检测会话变量是否存在。我一直在寻找堆栈溢出一段时间,我找不到任何解决我问题的方法。这是代码:
<?php
session_start();
if(isset($_SESSION['user'])){
?>
<html>
<head>
</head>
<body>
it exists
</body>
</html>
<?php
}
else{
?>
<html>
<head>
</head>
<body>
nope
</body>
</html>
<?php
}
}
else{
?>
<html>
<head>
</head>
<body>
it doesn't
</body>
</html>
<?php
}
?>
这是设置会话的代码:
<?php
session_start();
$dsn = 'mysql:host=localhost;dbname=noterate';
$usernameForSQL = '*******';
$passwordForSQL = '*********';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);
function checkLogin($usrn, $pswd, $database){
$query = "SELECT * FROM accounts WHERE username='$usrn' and userpassword='$pswd'";
$statement = $database->prepare($query);
$statement->execute();
if($statement->rowcount() > 0){
return true;
}
else{
return false;
}
}
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
if(checkLogin($username, $password, $db, 'accounts')){
$_SESSION['user'] = $username;
?>
答案 0 :(得分:2)
请参阅此帖子了解如何处理密码...它使用mysqli
,但您应该能够轻松了解它如何与pdo
一起使用。 https://stackoverflow.com/a/26321573/623952
插入您的密码:
$password_to_insert_into_db = password_hash($plaintext_password, PASSWORD_BCRYPT);
我更改了变量名称和内容。 b / c对我来说更容易。
<?php
session_start();
// for my testing...
$_POST['username'] = 'noterate';
$_POST['password'] = 'noterateE';
// -----------------------------------
$dsn = 'mysql:host=localhost;dbname=test';
$usernameForSQL = 'root';
$passwordForSQL = '';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);
$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
if (!empty($user) && !empty($pass)) {
if (checkLogin($user, $pass, $db)) {
$_SESSION['user'] = $user;
}
else echo "error: user not validated<br/>";
}
function checkLogin($user, $pass, $db) {
$query = "select *
from user
where username = ? ";
$stmt = $db->prepare($query);
$stmt->execute(array($user));
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
if (password_verify($pass, $result['password'])) {
$_SESSION['user'] = $user;
return true;
}
// else... password doesn't match
}
// else... username doesn't exist
return false;
}
/*
mysql> describe user;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userid | int(11) | NO | PRI | NULL | auto_increment |
| username | varchar(60) | YES | UNI | NULL | |
| password | varchar(60) | YES | | NULL | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.02 sec)
mysql> select * from user;
+--------+-------------+--------------------------------------------------------------+
| userid | username | password |
+--------+-------------+--------------------------------------------------------------+
| 1 | my_username | $2y$10$fc48JbA0dQ5dBB8MmXjVqumph1bRB/4zBzKIFOVic9/tqoN7Ui59e |
| 2 | stuff | $2y$10$o3s39w.9HqeuUP0j7o9qv.NyMSFMfbsa6SzNZi2gnOo4Zol69w/mm |
| 17 | new_user | $2y$10$lIFIUN2q0UzB9Wtmc/kuCuW7driQkpZHiPIiwQPskanSPXqQbXZGu |
| 18 | noterate | $2y$10$YEsHG2X4rjPArViZTUtM4uEs27e.GR7g05T7Ajno2j0aogMXADbQ2 |
+--------+-------------+--------------------------------------------------------------+
4 rows in set (0.00 sec)
*/
?>
<?php
session_start();
var_dump($_SESSION);
if (isset($_SESSION['user'])) { ?>
<div>it exists</div>
<?php } else { ?>
<div>nope</div>
<?php } ?>