我是数据库中的初学者,所以..我已经开发了一个可以工作的注册/登录脚本,并且在每个页面中都会检查该人是否已登录。当用户注册时,他提供了保存的不同信息。我希望无论何时用户登录并访问他需要填写和提交的表单,它都会自动从数据库中获取他的姓名,电话,电子邮件详细信息,而无需填写。
如果有人帮我解决这个问题会很棒:
这是我的表单页面,它基于覆盖已满的类的表单。
<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
sec_session_start();
?>
<meta charset="UTF-8">
<link rel="stylesheet" href="styles/main.css" />
<?php if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($_SESSION['username']); ?>!</p>
<form method="post" action="db.php" name="OverrideForm" id="OverrideForm" autocomplete="off">
<fieldset>
<legend><b>Personal Details</b></legend>
<div>
<label for="name" accesskey="N">First Name</label> <?php echo htmlentities($_SESSION['mname']); ?>
<input name="name" type="text" id="name" required />
</div>
<br>
<div>
<label for="mname" accesskey="M">Middle Name</label>
<input name="mname" type="text" id="mname" required />
</div>
<br>
<div>
<label for="fname" accesskey="F">Last Name</label>
<input name="fname" type="text" id="fname" required />
</div>
<br>
<div>
<label for="sid" accesskey="i">Student ID</label>
<input name="sid" type="text" id="sid" pattern="^(S|s)[0-9]{8}$" required />
</div>
<br>
<div>
<label for="email" accesskey="E">Email</label>
<input name="email" type="email" id="email" pattern="^[A-Za-z0-9](([_\.\-]?[a-zA-Z0-9]+)*)@([A-Za-z0-9]+)(([\.\-]?[a-zA-Z0-9]+)*)\.([A-Za-z]{2,})$" required />
</div>
<br>
<div>
<label for="phone" accesskey="p">Phone No.</label>
<input name="phone" type="tel" id="phone" pattern="^[0-9]{8}$" required />
</div>
<br>
<div>
<label for="sc" accesskey="s">Scolarship</label>
<input name = "sc" type="radio" value="1" checked="checked">Yes</input>
<input name="sc" type="radio" value="0">No</input>
</div>
</fieldset>
<br >
<fieldset>
<legend><b>Subject Details</b></legend>
<div>
<label for="class" accesskey="c">Subject</label>
<input name="class" type="text" id="class" size="50" required />
</div>
<br>
<div>
<label for="section" accesskey="o">Section</label>
<input name="section" type="number" id="section" min="1" max="9" required />
</div>
<br>
<div>
<label for="semester" accesskey="S">Semester</label>
<select name="semester" id="semester" required="required">
<option value="F15">Fall 2015</option>
<option value="S15">Summer 2015</option>
<option value="SP16">Spring 2016</option>
</select>
</div>
</fieldset>
<br >
<fieldset>
<legend><b>Agreement</b></legend>
<form action="#" onSubmit="if(document.getElementById('agree').checked) { return true; } else { alert('Please indicate that you have agreed on the terms'); return false; }">
<input type="checkbox" name="checkbox" value="check" id="agree" required /> By checking this box, i am fully responsible for the data entered above. I am also providing my official online signature to be liable in however the site may use it for.
<br> <i><font size="2"> * Date and time are recorded for various reasons.</font></i>
<br><br>
<label for="date" accesskey="c">   Current Date & Time : </label>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Content-Script-Type" content="text/javascript">
<meta name="Content-Style-Type" content="text/css">
<script type="text/javascript">
document.write ('<span id="date-time">', new Date().toLocaleString(), '<\/span>')
if (document.getElementById) onload = function () {
setInterval ("document.getElementById ('date-time').firstChild.data = new Date().toLocaleString()", 50)
}
</script>
</fieldset>
<br>
<input type="submit" class="submit" id="submit" value="Submit" /> <input type="reset" value="Reset"><br>
</form>
</form>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please <a href="index.php">login</a>.
</p>
<?php endif; ?>
这是我名为&#34; student&#34;。
的表中的数据库结构
我不知道如何开始这个,因为我有点困惑。
基本上我希望能够从表中的每个条目中获取某些数据,具体取决于登录的用户名或电子邮件。
的functions.php
<?php
include_once 'psl-config.php';
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = SECURE;
// This stops JavaScript being able to access the session id.
$httponly = true;
// Forces sessions to only use cookies.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
// Sets the session name to the one set above.
session_name($session_name);
session_start(); // Start the PHP session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, username, password, salt
FROM student
WHERE email = ?
LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $username, $db_password, $salt);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/",
"",
$username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512',
$password . $user_browser);
// Login successful.
return true;
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// No user exists.
return false;
}
}
}
function checkbrute($user_id, $mysqli) {
// Get timestamp of current time
$now = time();
// All login attempts are counted from the past 2 hours.
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $mysqli->prepare("SELECT time
FROM login_attempts
WHERE user_id = ?
AND time > '$valid_attempts'")) {
$stmt->bind_param('i', $user_id);
// Execute the prepared query.
$stmt->execute();
$stmt->store_result();
// If there have been more than 5 failed logins
if ($stmt->num_rows > 5) {
return true;
} else {
return false;
}
}
}
function login_check($mysqli) {
// Check if all session variables are set
if (isset($_SESSION['user_id'],
$_SESSION['username'],
$_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
if ($stmt = $mysqli->prepare("SELECT password
FROM student
WHERE id = ? LIMIT 1")) {
// Bind "$user_id" to parameter.
$stmt->bind_param('i', $user_id);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if ($stmt->num_rows == 1) {
// If the user exists get variables from result.
$stmt->bind_result($password);
$stmt->fetch();
$login_check = hash('sha512', $password . $user_browser);
if ($login_check == $login_string) {
// Logged In!!!!
return true;
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
}
function esc_url($url) {
if ('' == $url) {
return $url;
}
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
$strip = array('%0d', '%0a', '%0D', '%0A');
$url = (string) $url;
$count = 1;
while ($count) {
$url = str_replace($strip, '', $url, $count);
}
$url = str_replace(';//', '://', $url);
$url = htmlentities($url);
$url = str_replace('&', '&', $url);
$url = str_replace("'", ''', $url);
if ($url[0] !== '/') {
// We're only interested in relative links from $_SERVER['PHP_SELF']
return '';
} else {
return $url;
}
}
答案 0 :(得分:1)
首先,最好将用户的id作为SESSION变量保留,以便多个用户具有相同的名称。您可以通过在用户登录时从数据库中删除它来完成此操作。 假设数据库中存在所有这些数据。 逻辑,当进入表单页面时:根据用户的ID从数据库中获取数据,将这些数据设置在每个元素的值中。 我猜你已经有了“数据库连接脚本”。 连接到DB后页面顶部:
$strSQL = "SELECT * FROM student WHERE id=$_SESSION['id']";
$rs = mysql_query($strSQL);
$row = mysql_fetch_array($rs);
并为每个表单元素,例如:
<input name="name" type="text" id="name" required value="<?php echo $row['name']; ?>"/>
<input name="email"...value="<?php echo $row['email']; ?>..."
[*]中的文本应与数据库列的名称匹配。 希望我能以某种方式帮助,并且确实搞砸了语法。