我试图从1或7对我的用户进行排名。如果登录的用户具有等级7,请说"您是员工"。如果没有,做其他事情。但是,如果我例如给用户1排名7,则没有任何反应。然后,如果我给用户2排名7,则两者都会收到消息,说明你是员工。
我一直在努力奋斗3天而没有发现问题。我希望网站做的是找出登录用户是否具有等级7(如果其他人没有,但只有登录的等级为7),如果我的数据库中的其他人排名为7而不是你,那么你&# 39;不应该得到"你是员工"信息。我有一个名为GamesNet的数据库,一个名为members的表,我的用户ID名为memberID,我还有一些名为username,password的列},email和Rank。
这是一个好的设置,对吗? 这是我的代码:
$stmt = $db->prepare('SELECT Rank, memberID from members where memberID');
$stmt->bindParam(7,$memberID, PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if($result['Rank'] == 7){
echo "You are a staff member.";
}else{
echo "Hello you are not a staff.";
}
?>
编辑:
user.php:
<?php
include('password.php');
class User extends Password{
private $_db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare('SELECT password, username, memberID FROM members WHERE username = :username AND active="Yes" ');
$stmt->execute(array('username' => $username));
return $stmt->fetch();
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$row = $this->get_user_hash($username);
if($this->password_verify($password,$row['password']) == 1){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['memberID'] = $row['memberID'];
return true;
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
?>
Memberpage.php
<?php require('includes/config.php');
$memberID = user;
$stmt = $db->prepare('select rank, memberid from members');
$stmt->execute();
while ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
if ($result['rank'] == 7) {
echo "You are a staff member.";
} else {
echo "Hello you are not a staff.";
//When i run this code, it tells me im not staff, even tho i am rank 7.
}
}
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
//define page title
$title = 'Members Page';
//include header template
require('layout/header.php');
?>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<h2>Member only page - Welcome <?php echo $_SESSION['username']; ?></h2>
<p><a href='logout.php'>Logout</a></p>
<hr>
</div>
</div>
</div>
<?php
/*
$stmt = $db->prepare('select Rank, memberID from members');
$stmt->execute();
while ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
if ($result['Rank'] == 7) {
echo "You are a staff member.";
echo $result['Rank'];
} else {
echo "Hello you are not a staff.";
}
}
*/
//When i run this code, it works. But it gives me the messages for all registrered users.
?>
的login.php
<?php
//include config
require_once('includes/config.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){ header('Location: index.php'); }
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = 'Wrong username or password or your account has not been activated.';
}
}//end if submit
//define page title
$title = 'Login';
//include header template
require('layout/header.php');
?>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<form role="form" method="post" action="" autocomplete="off">
<h2>Please Login</h2>
<p><a href='./'>Back to home page</a></p>
<hr>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="bg-danger">'.$error.'</p>';
}
}
if(isset($_GET['action'])){
//check the action
switch ($_GET['action']) {
case 'active':
echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
break;
case 'reset':
echo "<h2 class='bg-success'>Please check your inbox for a reset link.</h2>";
break;
case 'resetAccount':
echo "<h2 class='bg-success'>Password changed, you may now login.</h2>";
break;
}
}
?>
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-lg" placeholder="User Name" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1">
</div>
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="3">
</div>
<div class="row">
<div class="col-xs-9 col-sm-9 col-md-9">
<a href='reset.php'>Forgot your Password?</a>
</div>
</div>
<hr>
<div class="row">
<div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Login" class="btn btn-primary btn-block btn-lg" tabindex="5"></div>
</div>
</form>
</div>
</div>
</div>
<?php
//include header template
require('layout/footer.php');
?>
答案 0 :(得分:1)
select语句中的where子句缺少parameter marker,例如
SELECT Rank, memberID from members where memberID = ?
然后bindParam必须使用1而不是7,因为它是第一个也是唯一的参数标记
$stmt->bindParam(1,$memberID, PDO::PARAM_INT);
您也可以跳过bindParam并将memberId作为数组传递给execute
$stmt->execute(array($memberId));
仅处理一个用户
$memberID = 1234;
$stmt = $db->prepare('select rank, memberid from members where memberid = ?');
$stmt->execute(array($memberID));
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result['rank'] == 7) {
echo "You are a staff member.";
} else {
echo "Hello you are not a staff.";
}
获取所有用户
$stmt = $db->prepare('select rank, memberid from members');
$stmt->execute();
while ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
if ($result['rank'] == 7) {
echo "You are a staff member.";
} else {
echo "Hello you are not a staff.";
}
}
您已在功能$_SESSION['memberID']中拥有login。所以你可以使用它
$stmt = $db->prepare('select rank, memberid from members where memberid = ?');
$stmt->execute(array($_SESSION['memberID']));
并拥有所需的数据。
更好的是,您可以使用
扩展函数get_user_hash
// user.php, function get_user_hash()
$stmt = $this->_db->prepare('SELECT password, username, memberID, Rank FROM members WHERE username = :username AND active="Yes" ');
这将一次性提供rank,并避免额外的数据库往返。然后,您可以在功能login
// user.php, function login()
// ...
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['memberID'] = $row['memberID'];
$_SESSION['Rank'] = $row['Rank'];
现在你可以检查
// Memberpage.php
if ($_SESSION['Rank'] == 7) {
echo "You are a staff member.";
} else {
echo "Hello you are not a staff.";
}
不做另一个SQL查询。