>我有一个书店网站,目前有一个登录功能,可以在成功登录时设置会话。我试图在我的索引.php文件上实现一个标题,如果用户未登录,该文件会打印出"Guest",并在成功登录后将"Guest"替换为他们的名字。目前,当用户登录时,我的网页打印出"欢迎来到书店,(名称("。但是,如果用户未登录并且未设置会话,则只会打印出"欢迎来到书店"。这是我的代码:
<?php
session_start();
include "connection.php";
$greeting = "";
if(!isset($_SESSION)) {
$greeting = "Guest";
}
if(isset($_SESSION)) {
$greeting = $_SESSION['name'];
}
?>
<!DOCTYPE html>
<html>
<head>
<title>UND Bookstore</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0"></meta>
<meta name="author" content="Sai Peri"></meta>
<meta name="description" content="CSCI 457 Assignment 1"></meta>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- Latest jQuery libraries -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-12">
<nav id="nav" class="navbar navbar-inverse text-center">
<ul class="nav navbar-nav">
<li class="active"><a href="index.php">Home</a></li>
<li><a href="login.php">Login</a></li>
<li><a href="search.php">Search</a></li>
<li><a href="check.php">Add/Delete/Edit</a></li>
</ul>
</nav>
</div> <!-- End col-md-12 -->
</div> <!-- End row (nav)-->
<div class="row" id="body">
<div class="col-md-12">
<div class="page-header">
<h3 class="text-center">Welcome to the Bookstore, <?php echo $greeting; ?></h3>
</div> <!-- End of page-header -->
<p class="text-center">In order to get the full functionalty of the website you need to login. If you do not have an account you can register on the same "Login" webpage. You do not need to be logged in to use the search functionality, however. It should be noted that only the administrator can access the "Add/Delete/Edit" page.</p>
</div> <!-- End col-md-12 -->
</div> <!-- End row (nav)-->
<div class="row" id="footer">
<div class="col-md-12 text-center">
<footer>Created 2019 by Sai Peri</footer>
</div> <!-- End col-md-12 -->
</div> <!-- End row (nav)-->
</div> <!-- End container -->
</body>
</html>
除了我的评论之外,检查用户是否未登录还有任何意义吗? 为什么不假设是这种情况,并在找到用户名时将用户名添加到问候语中。
像这样:
<?php
session_start();
include "connection.php";
$greeting = "Guest";
if(isset($_SESSION['name'])) {
$greeting = htmlspecialchars($_SESSION['name']);
// added special chars to avoid xss attacks
}
?>