我有一个PHP页面,它应该显示当前登录的用户信息,如firstname,lastname等。我在页面上遇到的唯一问题是它只显示数据库中的第一个用户帐户,恰好是我在我的网站上登录的任何用户帐户的管理员帐户都是错误的,因为每个用户的信息应该是唯一的。
数据库信息:
PRIMARY KEY:user_id
数据库连接代码(init.inc.php):
<?php
session_start();
@mysql_connect('localhost', 'root', '');
mysql_select_db('loginsystem');
$path = dirname(__FILE__);
include("user.inc.php");
$_SESSION['uid'] = 1;
?>
我的后端代码(user.inc.php):
function fetch_users(){
$result = @mysql_query('SELECT `user_id` AS `id`, `user_uid` AS `username` FROM users');
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}
return $users;
}
//fetches profile info for the given user
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT `user_uid` AS `username`, `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
//Updates the current users profile.
function set_profile_info($username, $firstname, $lastname, $email){
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email = mysql_real_escape_string(htmlentities($email));
$sql = "SELECT `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";
mysql_query($sql);
}
前端代码(edit_profile.php):
<?php
include('init.inc.php');
if (isset($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'])){
$errors = array();
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email address you entered is not valid.';
}
if(preg_match('#^[a-zA-Z ]+$#i', $_POST['firstname']) === 0){
$errors[] = 'Your first name must only contain a-z characters only.';
}
if(preg_match('#^[a-zA-Z ]+$#i', $_POST['lastname']) === 0){
$errors[] = 'Your last name must only contain a-z characters only.';
}
if (empty($errors)){
set_profile_info($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
}
$user_info = array(
'username' => htmlentities($_POST['username']),
'firstname' => htmlentities($_POST['firstname']),
'lastname' => htmlentities($_POST['lastname']),
'email' => htmlentities($_POST['email'])
);
}else{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns=""http://www.w3.org/1999/xhtml>
<head>
<title>Edit Your Profile</title>
<style type="text/css">
form div {color: white; font-weight: bold; float: left; clear: both; margin: 0px 0px 4px 0px; }
label {font: 19px/1.5 Arial, Helvetica,sans-serif; color: white; font-weight: bold; float:left; clear:both; margin: 0px 0px 4px 0px; }
input[type="text"], textarea {font: 16px/1.5 Arial, Helvetica,sans-serif; margin-left: 10px; float:left; width: 400px; }
input[type="submit"] {
width: 300px;
-webkit-transition: all .1s;
background: #333;
line-height: 50px;
font-weight: bold;
color: #e3e3e3;
border-radius: 6px;
box-shadow: 0px 0px 2px rgba(0,0,0,.5), 1px 1px 5px rgba(0,0,0,.3);
cursor: pointer;
font-weight: bold;
font: 17px/1.5 Arial, Helvetica,sans-serif;
float: left;
position: absolute;
top: 39%;
}
input[type="submit"]:hover {
background: #e3e3e3;
color: #333;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<section id="showcase1">
<div>
<?php
if(isset($errors) === false){
echo 'Click update to edit your profile';
}else if(empty($errors)) {
echo 'Your profile has been updated.';
}else{
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
}
?>
</div>
<form action="" method="post">
<div>
<label for="username">Username: <?php echo $user_info['username'] ?></label>
</div>
<div>
<label for="firstname">First name:</label>
<input type="text" name="firstname" id="firstname" value="<?php echo $user_info['firstname'] ?>" />
</div>
<div>
<label for="lastname">Last name:</label>
<input type="text" name="lastname" id="lastname" value="<?php echo $user_info['lastname'] ?>" />
</div>
<div>
<label for="email">Email: </label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email'] ?>" />
</div>
<!--<div>
<label for="password">Password:</label>
<input type="text" name="password" id="password" value="" />
</div> -->
<div>
<input type="submit" value="Update" />
</div>
</form>
</section>
</body>
</html>
更新: login.inc.php代码:
<?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//Check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
//log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../homepage.php");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
login.inc.php使用的数据库文件:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);
答案 0 :(得分:1)
不推荐使用mysql_ *函数。尝试至少使用mysqli _ *
在你的脚本中$ _SESSION ['uid'] = 1;被硬编码到init.inc.php文件中。您需要动态分配$ _SESSION ['uid']。 在用户登录的情况下(在用户验证之后)尝试根据您的代码获取该用户 uid ,它似乎是 user_id 。然后将其分配给$ _SESSION ['uid']。它类似于
$_SESSION['uid'] = $raw['user_id'];
现在您可以使用$ _SESSION ['uid']来获取用户详细信息以编辑em。 如果您发布登录auth php文件,我可能会帮助您更多。