所以,我是一个新的php和mysql,但我找到了一个登录表单,并根据我的需要调整它,因为我还没有自己的知识。我在数据库中添加了firstname和surname列,并且寄存器表单将值添加到数据库中。
现在我希望能够在受限制的页面上显示名字和姓氏,我之所以需要这个是因为我想要它说:欢迎Jo博客。以下是登记表。
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])):
// Enter the new user in the database
$sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':firstname', $_POST['firstname']);
$stmt->bindParam(':surname', $_POST['surname']);
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<?php include '../header.php'; ?>
</head>
<body>
<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?>
<h1>Register</h1>
<span>or <a href="login.php">login here</a></span>
<form action="register.php" method="POST">
<input type="text" placeholder="Enter your email" name="email">
<input type="password" placeholder="and password" name="password">
<input type="password" placeholder="confirm password" name="confirm_password">
<input type="text" placeholder="Enter your first name" name="firstname">
<input type="text" placeholder="Enter your surname" name="surname">
<input type="submit">
</form>
</body>
</html>
以下是登录表格,因为我不确定你们需要帮助我的是什么:)
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
$message = '';
if(count($results) > 0 && password_verify($_POST['password'], $results['password']) ){
$_SESSION['user_id'] = $results['id'];
header("Location: /");
} else {
$message = 'Sorry, those credentials do not match';
}
endif;
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<?php include '../header.php'; ?>
</head>
<body>
<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?>
<h1>Login</h1>
<span>or <a href="register.php">register here</a></span>
<form action="login.php" method="POST">
<input type="text" placeholder="Enter your email" name="email">
<input type="password" placeholder="and password" name="password">
<input type="submit">
</form>
</body>
</html>
当我在这里时,我现在正在使用javascript重定向到主页,因为我无法找到有关如何使用php进行操作的任何信息
Restricted.php:
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php
include '../header.php';
?>
</head>
<body>
<?php
session_start();
if(isset($_SESSION['user_id'])) { ?>
<h1>Restriced Area</h1>
<h2>You have sucessfully logged in with your credentials</h2>
<?php
} else { ?>
<script type="text/javascript">
window.location = "login.php";
</script>
<?php
exit;
}
?>
</body>
</html>
如果您需要更多信息/代码,请告诉我。
感谢。
答案 0 :(得分:0)
正如Qirel所说......
Restricted.php应该类似于:
<?php
session_start();
if(!isset($_SESSION['user_id'])){
header("Location: /login.php"); // no need to query
}
require('database.php'); // assumed to declare $conn=new PDO(...);
$loggedin=$conn->prepare('SELECT firstname,surname FROM users WHERE id=?');
$loggedin->execute(array($_SESSION['user_id']));
$results=$loggedin->fetch(PDO::FETCH_ASSOC);
if(!$results || count($results)<1){
header("Location: /login.php"); // unsuccessful query
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php include '../header.php'; ?>
</head>
<body>
<h1>Restriced Area</h1>
<h2>You have successfully logged in with your credentials</h2>
<?php echo "Welcome {$results['firstname']} {$results['surname']}"; ?>
</body>
</html>
编辑:
这句话与太严重接壤但我想提及,特别是对于没有经验的php编码人员,SESSION数据可能会被劫持(这在 Pro PHP Security:来自应用程序安全性中有所概述实施XSS防御的原则 - 第7章:防止会话劫持)因此可以建议永远不要在$ _SESSION中存储任何个人信息。最重要的是包括信用卡号,政府发行的ids 和密码;但也会扩展到更少的假设数据,如用户名,电子邮件,电话号码等,这将允许黑客冒充/危害合法用户
互联网仍处于其狂野西部&#34;时代,没有什么是100%安全的。 ...和互联网安全是一个兔子洞/钱坑。每个程序员都应该花一些时间来理解已知的威胁并防止它们,但是这个程度的差异因人而异。
答案 1 :(得分:0)
也许这个??
成功添加新用户后的第一个代码段..
if( $stmt->execute() ):
$message = 'Successfully created new user';
$_SESSION['firstname'] = $_POST['firstname'];
$_SESSION['surname'] = $_POST['surname'];
# redirect to login or you could just
# have the logged in at this point and..
# redirect to restricted.php..
header("Location: /login.php");
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
然后像这样设置restricted.php:
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header("Location: /login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php include '../header.php'; ?>
</head>
<body>
<h1>Welcome <?php echo $_SESSION['firstname']; ?> <?php echo $_SESSION['surname']; ?></h1>
<h2>You have sucessfully logged in with your credentials</h2>
</body>
</html>