一周前,我开始使用js和php来构建一个小网站。为了让人们登录,我开始通过mysqli查询进行数据库访问,但过了一段时间我发现,使用pdo会更好。
php-script本身就像我想要的那样工作,如果login-params是正确的,则返回用户。
我现在的问题是,当我使用pdo实现(我的示例中当前已注释掉)时,不再有$ _SESSION ['user'],而是使用mysqli-query实现。
如果我错过了一些基本的东西,我不会感到惊讶,但我还没有找到解决方案。 'unserialize(序列化($ user))'也是一个绝望的尝试来解决我的问题。只是说$ _SESSION ['user'] = $ user;行为方式相同。
有没有人知道我的代码有什么问题?我可以坚持使用工作版本,但我更喜欢使用pdo。
在我的示例中,我使用了一个表用户,其中包含email,password和firstname列。 php文件名为test1l.php
<!DOCTYPE html>
<html lang="en">
<head>
<title>Test1l</title>
<meta content="text/javascript" charset="UTF-8"/>
</head>
<?php
if(isset($_POST['login'])) {
session_start();
session_regenerate_id();
$dbservername = "127.0.01";
$dbusername = "username";
$dbpassword = "password";
$dbname = "dbname";
$dbport = 1337;
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname, $dbport);
if ($conn->connect_error) {
header('HTTP/1.1 901 Connection failed', true);
header('X-PHP-Response-Code: 901', true);
} else {
$email = $_POST['email'];
$password = $_POST['password'];
$errormsg = "";
$user = NULL;
$sql = "SELECT * FROM user WHERE email = '" . $email . "'";
$result = $conn->query($sql);
$conn->close();
if ($result->num_rows > 0) {
$count = 0;
while($row = $result->fetch_assoc()) {
if (count > 1) {
header('HTTP/1.1 902 Too many results', true);
header('X-PHP-Response-Code: 902', true);
}
$user = $row;
$count++;
}
if (password_verify($password, $user['password'])) {
$_SESSION['user'] = $user;
} else {
header('HTTP/1.1 903 Wrong password', true);
header('X-PHP-Response-Code: 903', true);
}
} else {
header('HTTP/1.1 904 Unknown E-Mail', true);
header('X-PHP-Response-Code: 904', true);
}
}
}
?>
<!--
if(isset($_POST['login'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$user = NULL;
$pdo = new PDO('mysql:host=127.0.01;dbname=dbname;port=1337', 'username', 'password');
$statement = $pdo->prepare("SELECT * FROM user WHERE email = ?");
$result = $statement->execute(array($email));
if ($result === false) {
header('HTTP/1.1 901 Login Statement failed', true);
header('X-PHP-Response-Code: 901', true);
} else {
$count = 0;
while($row = $statement->fetch()) {
$user = $row;
$count++;
}
if ($count > 1) {
header('HTTP/1.1 902 Too many results', true);
header('X-PHP-Response-Code: 902', true);
} else if ($count < 1) {
header('HTTP/1.1 904 Unknown E-Mail', true);
header('X-PHP-Response-Code: 904', true);
} else {
if (password_verify($password, $user['password'])) {
$_SESSION['user'] = unserialize(serialize($user));
} else {
header('HTTP/1.1 903 Wrong password', true);
header('X-PHP-Response-Code: 903', true);
}
}
}
}
-->
<body>
<div style="display:table; margin-left:auto; margin-right:auto;">
<?php session_start(); if(!isset($_SESSION['user'])) : ?>
<form method="post">
<div id="errorlogin"></div>
<div>
<input type="text" placeholder="Enter E-Mail-Address" name="email" required>
</div>
<div>
<input type="password" placeholder="Enter Password" name="password"required>
</div>
<button type="button" class="btn-login" name="login" onclick="logMeIn(this.form.email.value, this.form.password.value)">Login</button>
<script>
function logMeIn(email, password, remember) {
var http = new XMLHttpRequest();
var url = 'test1l.php';
var params = 'login=1&email=' + email + '&password=' + password + '&remember=' + remember;
http.open('POST', url, true);
http.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
http.onreadystatechange = function() {
if (http.readyState == 4) {
document.getElementById('errorlogin').innerHTML = '';
if (http.status == 200) {
document.location = 'test1l';
} else if (http.status == 903 || http.status == 904) {
document.getElementById('errorlogin').innerHTML += 'Incorrect email or password.';
} else {
document.getElementById('errorlogin').innerHTML += 'Error during login: ' + http.status;
}
}
}
http.send(params);
}
</script>
</form>
<?php else : ?>
Hello <?php echo $_SESSION['user']['firstname']; ?>
<?php endif; ?>
</div>
</body>
</html>
答案 0 :(得分:1)
在注释掉的版本中,它在调用session_start之前尝试写入会话。
答案 1 :(得分:-1)
我的pdo尝试缺少session_start();.
抱歉浪费你的时间。