用户类和表单更新PDO

时间:2015-04-15 14:32:26

标签: php pdo

我已创建此表单以更新各种用户配置文件的数据。更新有效,但我需要一些技巧和帮助。表格非常简洁,简化为必需品,我想知道如何改进它,也许放置控件使其尽可能安全,我该怎么办?

此外,我无法通过SESSION获取用户的ID,其他数据将其作为位置获取,但电子邮件ID号码。所以我需要的只是因为表单必须基于用户的ID。 我想知道是否投入SESSIONS,创建一个收集用户数据的课程并不是更好,例如:$ user [' email'];

但是,我粘贴了类user.php

include('password.php');
class User extends Password{

    private $_db;

    function __construct($db){
        parent::__construct();

        $this->_db = $db;
    }

    private function get_user_hash($username){  
        try {
            $stmt = $this->_db->prepare('SELECT password FROM members WHERE username = :username AND active="Yes" ');
            $stmt->execute(array('username' => $username));
            $row = $stmt->fetch();
            return $row['password'];
        } catch(PDOException $e) {
            echo '<p class="bg-danger">'.$e->getMessage().'</p>';
        }
    }

    public function login($username, $password){
        $hashed = $this->get_user_hash($username);
        if($this->password_verify($password,$hashed) == 1){
            $_SESSION['loggedin'] = true;
            return true;
        }   
    }

    public function logout(){
        session_destroy();
    }

    public function is_logged_in(){
        if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
            return true;
        }       
    }

    public function is_logged_admin(){
        if(isset($_SESSION['level']) && $_SESSION['level'] == 2 ) {
            return true;
        }
        return false;
    }  

    public function get_user_info($username){
        try {
            $stmt = $this->_db->prepare('SELECT memberID,email,location,gender,level,active FROM members WHERE username = ?');
            $stmt->execute(array($username));
            return $stmt->fetch();
        } catch(PDOException $e) {
            echo '<p class="bg-danger">'.$e->getMessage().'</p>';
        }
    }

}   

以及我称之为account.php的表单

<form role="form" method="POST">

<div class="form-group">      
<label class="control-label">Email</label>     
<input type="text" name="email" class="form-control" value="<?= $_SESSION['email']; ?>">
</div>

<div class="form-group">
<label class="control-label">Location</label>           
<input type="text" name="location" class="form-control" value="<?= $_SESSION['location']; ?>">   
</div>

<div class="form-group">       
<label class="control-label">Gender</label>   
<input type="text" name="gender" class="form-control" value="<?= $_SESSION['gender']; ?>">    
</div>

<div class="margiv-top-10">  
<input type="submit" name="submit" class="btn" value="Update">    
</div>

</form> 

if (isset($_POST['email'], $_POST['location'], $_POST['gender'])) {
    $stmt = $db->prepare("UPDATE members SET email = ?, location = ?, gender = ? WHERE memberID = 1");
    $stmt->execute([$_POST['email'], $_POST['location'], $_POST['gender']]);
}

0 个答案:

没有答案