所以在我的项目中,我试图声明一个变量,所以它会显示他们的全名,如果登录。我假设这将是一个从表中获取数据的查询但我不确定如何让它确保它获得特定用户名而不是表上的名字
这是我的注册码。
if( $user->is_logged_in() ){ header('Location: index.php'); }
//如果表单已经提交,处理它如果收取($ _POST['提交'])){
//very basic validation
if(strlen($_POST['username']) < 3){
$error[] = 'Username is too short.';
} else {
$stmt = $db->prepare('SELECT username FROM members WHERE username = :username');
$stmt->execute(array(':username' => $_POST['username']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['username'])){
$error[] = 'Username provided is already in use.';
}
}
if(strlen($_POST['password']) < 3){
$error[] = 'Password is too short.';
}
if(strlen($_POST['passwordConfirm']) < 3){
$error[] = 'Confirm password is too short.';
}
if($_POST['password'] != $_POST['passwordConfirm']){
$error[] = 'Passwords do not match.';
}
//email validation
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$error[] = 'Please enter a valid email address';
} else {
$stmt = $db->prepare('SELECT email FROM members WHERE email = :email');
$stmt->execute(array(':email' => $_POST['email']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'Email provided is already in use.';
}
}
//email validation
if(strlen($_POST['fullname']) < 2){
$error[] = 'Please enter a valid full name';
} else {
$stmt = $db->prepare('SELECT fullname FROM members WHERE fullname = :fullname');
$stmt->execute(array(':fullname' => $_POST['fullname']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(!empty($row['email'])){
$error[] = 'Email provided is already in use.';
}
}
//if no errors have been created carry on
if(!isset($error)){
//hash the password
$hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);
//create the activasion code
$activasion = md5(uniqid(rand(),true));
try {
//insert into database with a prepared statement
$stmt = $db->prepare('INSERT INTO members (username,password,email,fullname,active) VALUES (:username, :password, :email, :fullname, :active)');
$stmt->execute(array(
':username' => $_POST['username'],
':password' => $hashedpassword,
':email' => $_POST['email'],
':fullname' => $_POST['fullname'],
':active' => $activasion
));
$id = $db->lastInsertId('memberID');
//send email
$to = $_POST['email'];
$subject = "Registration Confirmation";
$body = "Thank you for registering at demo site.nn To activate your account, please click on this link:nn ".DIR."activate.php?x=$id&y=$activasionnn Regards Site Admin nn";
$additionalheaders = "From: <".SITEEMAIL.">rn";
$additionalheaders .= "Reply-To: $".SITEEMAIL."";
mail($to, $subject, $body, $additionalheaders);
//redirect to index page
header('Location: index.php?action=joined');
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
}
用用户类更新:
<?php
包括("password.php");类用户扩展密码{
private $_db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare('SELECT password FROM members WHERE username = :username');
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['password'];
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
为什么不直接从数据库中选择它们呢?
请不要介意我加入一些伪代码,因为我不是很熟悉你的变量。
首先,如果登录凭据正确,则创建/启动SESSION。
if($login_credentials_correct){ //lol you know what I mean here
session_start();
$_SESSION['username'] = $_POST['username']; // or wherever it may have come from
}
现在会话已经开启,您可以执行类似于下面的查询
<?php
session_start(); // fixed
$username = $_SESSION['username'];
$stmt = $db->prepare('SELECT fullname FROM members where username= :username');
$stmt->execute(array(':username'=>$username));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$fullName = $row['fullName']; //I am not sure if this is the correct index.
//to make sure, use var_dump($row) and find out which index has the full name
echo $fullName; //voila.
?>
现在,这段代码只在用户名唯一的情况下才有效。哈哈该网站没有唯一的用户名
你可以张贴你的登录代码吗?我试着用你目前掌握的信息来回答。如果您希望用户能够登录并显示他们的数据,请执行
if(!($_SERVER['REQUEST_METHOD'] == "POST")){
//Code here for users trying to access page incorrectly
}else{
if(isset($_POST['username']) && ($_POST['username'] <= $UsernameMaxLength)){
$username=strip_tags(stripslashes($_POST['username'])); //Clean the data up
}else{
//Error handling code
}
if(isset($_POST['password']) && ($_POST['password'] <= $PasswordMaxLength)){
//I would advise you use SHA1() instead for password encryption, but I'll use what you used here
$password=$user->password_hash(strip_tags(stripslashes($_POST['password'])), PASSWORD_BCRYPT); //Clean the data up
}else{
//Error handling code
}
if(!isset($username) || !isset($password)){
//Error handling code
}else{
$stmt = $db->prepare('SELECT fullname FROM members where username= :username and password=:password');
$stmt->execute(array('username':$username,'password':$password));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//Code here to make sure there is a row with the number given and all that
//other jazz. In this code I'll assume all went well
if(All_went_well){
//Start your session to store variables you want
session_start();
$_SESSION['fullname']=$row['fullname'];
}
}
}
在您的登录方法中,将$username
保存为$_SESSION['loggedin']
下的会话值,您可以稍后像这样检索…
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
return true;
}
}
然后在文件底部添加另一个方法,类似于…
public function get_username(){
if(isset($_SESSION['username'])){
return $_SESSION['username'];
}
}
然后你可以像$user->get_username()那样调用这个方法来获取当前登录用户的用户名。然后从数据库中获取他们的全名需要一个简单的查询"WHERE username =:username"。如果您可以添加另一个这样的方法来使事情变得更简单…
public function get_fullname(){
if(issset($_SESSION['username']){
$stmt = $this->_db->prepare('SELECT fullname FROM members WHERE username = :username');
$stmt->execute(array('username' => $this->get_fullname()));
$row = $stmt->fetch();
return $row['fullname'];
}
}