我已经弄明白了如何制作一份工作注册表和一份登录表。我还有一个测验,用于在用户登录时向数据库发布分数。现在我正在试图找出如何捕获登录用户的用户名并将其提供给我网站的其他页面。
从讨论@ How do I echo username in profile page with PHP?来看,看起来我应该在每个部分的第一页写一个简单的数据库查询。但是有更有效的方法吗?
为了说明,我的注册和登录表单位于mysite / admin,而我的测试是在mysite / test。
以下是我的登录页面中的代码:
<?php if( !isset( $_SESSION['user_id'] ) ): ?>
<h2>Login Here</h2>
<form action="/admin/login/login-submit.php" method="post">
<fieldset>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20" />
<br>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20" />
<br>
<input type="submit" value="→ Login" />
</fieldset>
</form>
这是来自login-submit.php的代码:
if(isset( $_SESSION['user_id'] ))
{
$message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username']))
{
$message = 'Please enter a valid username and password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
// $phpro_password = sha1( $phpro_password );
// DATABASE CONNECTION
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the select statement ***/
$stmt = $dbh->prepare("SELECT user_id, username, password FROM g1_members
WHERE username = :username AND password = :password");
/*** bind the parameters ***/
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$user_id = $stmt->fetchColumn();
/*** if we have no result then fail boat ***/
if($user_id == false)
{
$message = 'Login Failed';
}
/*** if we do have a result, all is well ***/
else
{
/*** set the session user_id variable ***/
$_SESSION['user_id'] = $user_id;
/*** tell the user we are logged in ***/
$message = 'You are now logged in';
}
}
catch(Exception $e)
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later.';
}
}
我添加了这个简单的查询,它在$ Username:
中捕获用户的用户名$stm = $pdo->prepare("SELECT username
FROM g1_members
WHERE user_id = :user_id");
$stm->execute(array(
'user_id'=>$user_id
));
while ($row = $stm->fetch())
{
$Username = $row['username'];
}
所以我需要在每个部分添加相同的查询 - 例如mysite / topics,mysite / people等等 - 还是有更好的方法吗?
答案 0 :(得分:1)
运行此代码时:
$_SESSION['user_id'] = $user_id;
您可以将用户名添加为附加会话变量,例如:
$_SESSION['username'] = $username;
已在您的代码中设置。