Question

我正在尝试使用用户$login填充变量user_id，以便我可以使用会话，但查询不会返回user_id以填充$login

users.php

<?php
function user_exists($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return(mysqli_affected_rows($con) == 1) ? true : false;
}

function user_active($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `active` = 1");
    return(mysqli_affected_rows($con) == 1) ? true : false;
}

function user_id_from_username ($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return mysqli_affected_rows($con) ? 0 : 'user_id';
}

function login($username, $password, $con) {
    $user_id = user_id_from_username($username, $con);
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    $password = md5($password);
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    return (mysqli_affected_rows($con) == 1) ? $user_id : false;
}
?>

的login.php

<?php
include 'core/init.php';

if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) === true || empty($password) === true)  {
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username, $con) === false) {
        $errors[] = 'We can\'t find that username. Have you registered?';
    } else if (user_active($username, $con) === false) {
        $errors[] = 'You have not activated your account. Please see the instructions.';
    } else {
        $login = login($username, $password, $con);

        if ($login === false) {
            $errors [] = 'That username and password combination is incorrect;';
        } else {
            echo 'hi';
            die($login);
            $_SESSION['user_id'] = $login;
        }
    }

    print_r($errors);
}
?>

的init.php

<?php 
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/users.php';
require 'functions/general.php';
$errors = array();
?>

Answer 1

获得用户ID后，您返回错误的值：

function user_id_from_username ($username, $con) {
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    return mysqli_affected_rows($con) ? 0 : 'user_id';
}

此函数将返回0（如果affected_rows不为0）或字符串＆＃39; user_id＆＃39; （如果受影响的行为0）。首先我认为逻辑可能是颠倒的（0对非零），其次我认为你真的想要返回一个实际的user_id而不仅仅是字符串＆＃39; user_id＆＃39;。

然后在你的登录功能中：

function login($username, $password, $con) {
    $user_id = user_id_from_username($username, $con);
    $data = $username;
    $username = sanitize($data, $con); 
    $username = $data;
    $password = md5($password);
    mysqli_query($con, "SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    return (mysqli_affected_rows($con) == 1) ? $user_id : false;
}

你得到0或＆＃39; user_id＆＃39; （字符串）到$ user_id然后忽略它直到最后返回该值或false。由于逻辑在前一个函数的返回值上是相反的，因此在成功登录时，$ user_id包含0（在PHP中为布尔值false），因此此函数从登录返回0或false - 两者都是它们是假的，所以login（）返回false。但特别是在登录良好的情况下，你返回一个0然后看起来不像是一个有效的ID放入你的会话中，如果你在那里得到它，就不会很好地比较因为零的整个情况被评估为布尔值假。

PHP不返回数据库项

1 个答案: