在我的登录页面中,我只使用电话号码和密码字段登录,此后,我正在使用电话号码创建和存储会话。
Insted,我想回复当前登录的用户名以显示当前用户,因为在我的情况下我目前只能显示已记录的电话号码在用户中。我该怎么做?
这是我的登录脚本
IMPROVE以下是我的示例代码,我想在手机中显示用户名
<?php
// Starting Session
session_start();
include "../script.php";
$error=''; // Variable To Store Error Message
if (isset($_POST['signin'])) {
if (empty($_POST['signinphone']) || empty($_POST['signpassword'])) {
$error = "Phone or Password is invalid";
}
else
{
// Define $username and $password
$phone=$_POST['signinphone'];
$password=$_POST['signpassword'];
// To protect MySQL injection for Security purpose
$phone = stripslashes($phone);
$password = stripslashes($password);
$phone = pg_escape_string($db, $phone); // Set email variable
$password = pg_escape_string($db, $password); // Set hash variable
$pass_crypted = password_hash($password);
// SQL query to fetch information of registerd users and finds user match.
$sql="SELECT usr_id, usr_email, usr_first_name, usr_last_name,
usr_encrypted_password,
usr_salt, usr_stos_id, usr_pers_id, usr_username, usr_updated_at,
usr_created_at, usr_enabled, usr_role_id, usr_jbrn_id,
usr_mobile_number,
stp_acc_id, usr_location, usr_mobile_imei, usr_type
FROM js_core.stp_users
where usr_mobile_number='$phone'
AND usr_encrypted_password='$password'";
$result=pg_query($db, $sql);
$rows = pg_num_rows($result);
if ($rows == 1) {
$_SESSION['phone']=$phone; // Initializing Session
$_SESSION['username'] = pg_fetch_object($result)->usr_last_name;
header("location: ../index.php");
} else {
//echo "0 results";
echo "Try Again the credentials you entered don't much ours";
}
; // Closing Connection
}
}
?>
答案 0 :(得分:0)
你的问题没有一个答案。
我发布此信息是因为它包含了您问题评论中提到的所有内容的示例。
首先,您会注意到有一个使用PDO的新$db连接。这是处理数据库连接的普遍接受的方式,并且相对容易安装(如果你的php版本没有它) - 在SO上有很多例子。我假设您在script.php中想要这个,因为它很常见。
我还替换了原生BCRYPT password_hash()功能的密码哈希功能。当您为用户注册时,您可以像这样使用它:
$encryped_password = password_hash($_POST['signpassword'], PASSWORD_BCRYPT);
这包含一个带有默认费用的唯一盐渍密码。
然后,您可以按原样获取用户,并进行小调整以使其成为准备好的语句。这提供了SQL注入保护,通常使事情更清晰。
然后,您会看到在提取行后,您可以将密码与password_verify()函数进行比较。
最后针对您的原始问题 - 我已将PDO模式设置为object,因此您可以以相同的方式访问和分配所需数量的属性。只有SELECT子句中的属性才可用于该对象。
// Starting Session
session_start(); //I'd suggest this should also go in your script.php
$db = new PDO('pgsql:dbname=mydb;host=localhost;user=myuser;password=mypass');
include "../script.php";
$error=''; // Variable To Store Error Message
if (isset($_POST['signin'])) {
if (empty($_POST['signinphone']) || empty($_POST['signpassword'])) {
$error = "Phone or Password is invalid";
}
else
{
// SQL query to fetch information of registerd users and finds user match.
$sql = 'SELECT usr_id, usr_email, usr_first_name, usr_last_name, usr_encrypted_password
usr_stos_id, usr_pers_id, usr_username, usr_updated_at,
usr_created_at, usr_enabled, usr_role_id, usr_jbrn_id,
usr_mobile_number, stp_acc_id, usr_location, usr_mobile_imei,
usr_type
FROM js_core.stp_users
WHERE usr_mobile_number = :phone_number';
$stmt = $db->prepare($sql);
$stmt->execute(['phone_number' => $_POST['signinphone']]);
if ($row = $stmt->fetch(PDO::FETCH_OBJ)){
if(password_verify($_POST['signinpassword'], $row->usr_encrypted_password)) {
$_SESSION['phone'] = $row->usr_mobile_number; // Initializing Session
$_SESSION['username'] = $row->usr_username;
header("location: ../index.php");
} else {
//valid user, invalid password
}
} else {
//Invalid user
echo "Try Again the credentials you entered don't much ours";
}
}
}
我已经假设您以密码_hash的价格运行PHP 5.5,但如果没有,则会有polyfill。