会议?如何显示用户行?

时间:2011-03-06 16:19:00

标签: php mysql session

我想显示游戏角色的属性,这些属性位于用户TABLE下。因此,我希望它显示已登录用户的特定属性,因为它应该在他的行中。我是否需要在会话中注册我的用户,因为我没有。

这是我在登录

时用来获取用户会话的代码 
<?
if(isset($_POST['Login'])) {

    if (ereg('[^A-Za-z0-9]', $_POST['name'])) {// before we fetch anything from the database we want to see if the user name is in the correct format.
         echo "Invalid  Username.";
         }else{

             $query = "SELECT password,id,login_ip FROM users WHERE name='".mysql_real_escape_string($_POST['Username'])."'"; 
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result); // Search the database and get the password, id, and login ip that belongs to the name in the username field.

if(empty($row['id'])){
    // check if the id exist and it isn't blank.
    echo "Account doesn't exist.";
    }else{

        if(md5($_POST['password']) != $row['password']){
            // if the account does exist this is matching the password with the password typed in the password field. notice to read the md5 hash we need to use the md5 function.
            echo "Your password is incorrect."; 
            }else{

                if(empty($row['login_ip'])){ // checks to see if the login ip has an ip already 
        $row['login_ip'] = $_SERVER['REMOTE_ADDR'];
        }else{

        $ip_information = explode("-", $row['login_ip']); // if the ip is different from the ip that is on the database it will store it

        if (in_array($_SERVER['REMOTE_ADDR'], $ip_information)) {   
        $row['login_ip'] = $row['login_ip'];
        }else{  
        $row['login_ip'] = $row['login_ip']."-".$_SERVER['REMOTE_ADDR'];
        }
        }

    $_SESSION['user_id'] = $row['id'];// this line of code is very important. This saves the user id in the php session so we can use it in the game to display information to the user.

$result = mysql_query("UPDATE users SET userip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',login_ip='".mysql_real_escape_string($row['login_ip'])."' WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'")
or die(mysql_error());

// to test that the session saves well we are using the sessions id update the database with the ip information we have received.

header("Location: play.php"); // this header redirects me to the Sample.php i made earlier


            }
            }
    }
}
?>

1 个答案:

答案 0 :(得分:1)

您需要找到您登录的用户。你如何登录你的系统?您可以尝试以下几个选项:

  • 使用会话(在会话中保存userID,并使用where id = {$id}
    • 之类的内容将其添加到查询中
  • 从您的登录代码中获取您的用户ID。因此,检查用户是否已登录的相同代码可以返回用户标识。

您当前的代码显示了您的登录方式,这有效吗?然后你应该可以在以前的代码中使用你的会话。

举个例子,您需要检查一下,并了解其他代码。感觉有点像你不太了解你发布的代码,所以很难展示一切,但它应该是这样的。

<?php 
 session_start();
 $id =  $_SESSION['user_id'];
 //you need to do some checking of this ID! sanitize here!
 $result = mysql_query("SELECT * FROM users" where id = {$id}) or die(mysql_error());
// keeps getting the next row until there are no more to get
    while($row = mysql_fetch_array( $result )) {
 }
相关问题
最新问题