登录时获取UserID

时间:2011-12-12 18:09:12

标签: php session login session-state

尝试在会话中保存$_SESSION['uID']以用于提取最近订单等功能

我有几个文件:

** login / index.php ** - 这是用户访问登录页面(也就是输入用户/密码),其中包含一堆html标记和这个php:

<?php
session_start();

require_once('../inc/db/dbc.php');
?>

check_buyer.php - 当用户访问login / index.php并输入凭据时调用。输入正确的凭据后,此文件将使用以下函数存储$_SESSION个变量:validateUser{} 

  <?php
session_start(); #recall session from index.php where user logged include()

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        header( 'Location: buyer/' ); # return true if sessions are made and login creds are valid
    echo "Invalid Username and/or Password";  
    return true;
}

require_once('../inc/db/dbc.php');

$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);

$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";

$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
    echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);

function validateUser() {
    $_SESSION['valid'] = 1;
    $_SESSION['uID'];
    $_SESSION['uUserType'] = 1; // 1 for buyer - 2 for merchant
}

$dynamSalt = $ifUserExists['dynamSalt'];  #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass

if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
    echo "Invalid Username and/or Password";
}

else {
validateUser();
}
// If User *has not* logged in yet, keep on /login
if(!isLoggedIn())
{
    header('Location: index.php');
    die();
}
?>

如果所有登录详细信息都没问题,则重定向到 /login/buyer/index.php 

 <?php
session_start();
if($_SESSION['uUserType'] != 1) // error
{ 

    die("
    <div class='container_infinity'>
        <div class='container_full' style='position:static;'>
        <img src='img/error/noAccess.png' style='float:left;' /> <br />
        <h2>403 Error: You may not view this page. Access denied.</h2>
        </div>
    </div>
    ");
}

function isLoggedIn()
{
    return ($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1);
}

//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: ../index.php');
    die();
}
?>

<?php 
    if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1){
        #echo "<a href='../logout.php'>Logout</a>";
        echo 'buyerid: '.$_SESSION['uID'];
        require_once('buyer_profile.php');
    }
    else{
        echo "<a href='../index.php'>Login</a>";
    }
?>

当它到达/login/buyer/index.php时,我现在正试图输出在文件$buyerUserID;中创建的用户的又名check_buyer.php。为什么这没有任何价值?所有网页的session_start();也位于顶部

3 个答案:

答案 0 :(得分:1)

function isLoggedIn()
{
    return ($_SESSION['valid'] = 1 && $_SESSION['uUserType'] = 1);
}
buyer/index.php中的

始终返回TRUE。你的意思是:

function isLoggedIn()
{
    return ($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1);
}

此外:

<?php 
    if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] = 1){

可能

<?php 
    if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1){

你应该多注意检查是否相等(==)和赋值(=)

答案 1 :(得分:1)

你没有在check_buyer.php的任何地方设置$ _SESSION ['uID']

另外,请注意isLoggedIn()始终返回true,并且对header的调用不会使代码停止,因此即使您已登录,isLoggedIn()也将继续,并且最终将重定向用户到index.php

答案 2 :(得分:1)

您需要在登录过程中设置$_SESSION['uID'] = $ifUserExists['uID'];

编辑:

然后在您的买家php脚本中,您需要输出$_SESSION['uID']而不是$buyerUserId 

<?php
session_start(); #recall session from index.php where user logged include()

function isLoggedIn()
{
    if(isset($_SESSION['valid']) && $_SESSION['valid'])
        header( 'Location: buyer/' ); # return true if sessions are made and login creds are valid
    echo "Invalid Username and/or Password";  
    return true;
}

require_once('../inc/db/dbc.php');

$connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
mysql_select_db($db);

$LoginUserName = $_POST['userName'];
$LoginPassword = mysql_real_escape_string($_POST['userPass']);
//connect to the database here
$LoginUserName = mysql_real_escape_string($LoginUserName);
$query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";

$result = mysql_query($query);
if(mysql_num_rows($result) < 1) //no such USER exists
{
    echo "Invalid Username and/or Password";
}
$ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);

function validateUser() {
    $_SESSION['valid'] = 1;
    $_SESSION['uID'] = (isset($ifUserExists['uID'])) ? $ifUserExists['uID'] : null;
    $_SESSION['uUserType'] = 1; // 1 for buyer - 2 for merchant
}

$dynamSalt = $ifUserExists['dynamSalt'];  #get value of dynamSalt in query above
$SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass

if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
{
    echo "Invalid Username and/or Password";
}

else {
validateUser();
}
// If User *has not* logged in yet, keep on /login
if(!isLoggedIn())
{
    header('Location: index.php');
    die();
}
?>


<?php
session_start();
if($_SESSION['uUserType']!=1) // error
{ 

    die("
    <div class='container_infinity'>
        <div class='container_full' style='position:static;'>
        <img src='img/error/noAccess.png' style='float:left;' /> <br />
        <h2>403 Error: You may not view this page. Access denied.</h2>
        </div>
    </div>
    ");
}

function isLoggedIn()
{
    return ($_SESSION['valid'] = 1 && $_SESSION['uUserType'] = 1);
}

//if the user has not logged in
if(!isLoggedIn())
{
    header('Location: ../index.php');
    die();
}
?>

<?php 
    if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1){
        #echo "<a href='../logout.php'>Logout</a>";
        echo 'buyerid: '.$_SESSION['uID'];
        require_once('buyer_profile.php');
    }
    else{
        echo "<a href='../index.php'>Login</a>";
    }
?>
相关问题
最新问题