1. 首页
  2. 问答
  3. SQL数据库值变量

SQL数据库值变量

2017-03-18 82 views
0

所以,我还挺新的PHP和MySQL,但我发现一个登录表单,并适应我的需要,因为我没有这个知识,使一个我自己呢。我在数据库中添加了名字和姓氏列,注册表格将这些值添加到数据库中。SQL数据库值变量

现在我希望能够以显示名字和姓到受限制的页面,之所以我需要的,这是因为我希望它说:欢迎乔博客。以下是注册表格。

<?php 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

require 'database.php'; 

$message = ''; 

if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])): 

    // Enter the new user in the database 
    $sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)"; 
    $stmt = $conn->prepare($sql); 

    $stmt->bindParam(':email', $_POST['email']); 
    $stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT)); 
    $stmt->bindParam(':firstname', $_POST['firstname']); 
    $stmt->bindParam(':surname', $_POST['surname']); 

    if($stmt->execute()): 
     $message = 'Successfully created new user'; 
    else: 
     $message = 'Sorry there must have been an issue creating your account'; 
    endif; 

endif; 

?> 

<!DOCTYPE html> 
<html> 
<head> 
    <title>Register</title> 
    <?php include '../header.php'; ?> 
</head> 
<body> 

    <?php if(!empty($message)): ?> 
     <p><?= $message ?></p> 
    <?php endif; ?> 

    <h1>Register</h1> 
    <span>or <a href="login.php">login here</a></span> 

    <form action="register.php" method="POST"> 

     <input type="text" placeholder="Enter your email" name="email"> 
     <input type="password" placeholder="and password" name="password"> 
     <input type="password" placeholder="confirm password" name="confirm_password"> 
     <input type="text" placeholder="Enter your first name" name="firstname"> 
     <input type="text" placeholder="Enter your surname" name="surname"> 
     <input type="submit"> 

    </form> 

</body> 
</html>

及以下这里是登录表单作为即时通讯真的不知道什么你们要帮我:)

<?php 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

require 'database.php'; 

if(!empty($_POST['email']) && !empty($_POST['password'])): 

    $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email'); 
    $records->bindParam(':email', $_POST['email']); 
    $records->execute(); 
    $results = $records->fetch(PDO::FETCH_ASSOC); 

    $message = ''; 

    if(count($results) > 0 && password_verify($_POST['password'], $results['password'])){ 

     $_SESSION['user_id'] = $results['id']; 
     header("Location: /"); 

    } else { 
     $message = 'Sorry, those credentials do not match'; 
    } 

endif; 

?> 

<!DOCTYPE html> 
<html> 
<head> 
    <title>Login</title> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
    <?php if(!empty($message)): ?> 
    <p><?= $message ?></p> 
    <?php endif; ?> 

    <h1>Login</h1> 
    <span>or <a href="register.php">register here</a></span> 

    <form action="login.php" method="POST"> 

     <input type="text" placeholder="Enter your email" name="email"> 
     <input type="password" placeholder="and password" name="password"> 
     <input type="submit"> 

    </form> 

</body> 
</html>

而且同时我在这里,我目前使用JavaScript重定向到主页一旦你退出,因为我无法找到如何使用PHP做

Restricted.php任何信息:

<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php 
    include '../header.php'; 
    ?> 

</head> 
<body> 

    <?php 
    session_start(); 

    if(isset($_SESSION['user_id'])) { ?> 
     <h1>Restriced Area</h1> 

     <h2>You have sucessfully logged in with your credentials</h2> 
    <?php 
    } else { ?> 
     <script type="text/javascript"> 
     window.location = "login.php"; 
     </script> 
    <?php 
    exit; 
    } 

    ?> 


</body> 
</html>

只要让我知道你们是否需要更多的信息/代码。

谢谢。

来源

2017-03-18 Jeff

+0

'回声$ username'将打印到屏幕? – Slime

+0

用户名有电子邮件,我想如果它有名称显示。 – Jeff

+0

显示在哪里?在最后一位代码?也不管..只要你有你的第一和姓只需将它们添加到您的会话和你喜欢的地方显示出来.. – Rick

回答

0

由于Qirel建议...

Restricted.php应该类似于此:

<?php 
session_start(); 
if(!isset($_SESSION['user_id'])){ 
    header("Location: /login.php"); // no need to query 
} 
require('database.php'); // assumed to declare $conn=new PDO(...); 
$loggedin=$conn->prepare('SELECT firstname,surname FROM users WHERE id=?'); 
$loggedin->execute(array($_SESSION['user_id'])); 
$results=$loggedin->fetch(PDO::FETCH_ASSOC); 
if(!$results || count($results)<1){ 
    header("Location: /login.php"); // unsuccessful query 
} 
?> 
<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
    <h1>Restriced Area</h1> 
    <h2>You have successfully logged in with your credentials</h2> 
    <?php echo "Welcome {$results['firstname']} {$results['surname']}"; ?> 
</body> 
</html>

编辑:

太严重但我想这种说法边界尤其对于没有经验的php编码人员来说,SESSION数据可能被劫持(这在Pro PHP Sec从应用程序安全原则到实施XSS防御 - 第7章:防止会话劫持),因此建议不要在$ _SESSION中存储任何个人信息。这最重要的包括信用卡号码,政府颁发的ID密码;但也会延伸到更少的假设数据,如用户名,电子邮件,电话号码等,这将允许黑客模仿/妥协的合法用户。

互联网仍然是非常在其“狂野西部”的时代,没有什么是100%安全的。 ...和互联网安全是一个兔子洞/钱坑。每个编码员都应该花一些时间来了解已知的威胁并防止它们发生,但是这种情况会因人而异。

来源

2017-03-18 02:55:56 mickmackusa

+0

PHP警告:PDOStatement对象::执行():SQLSTATE [HY093]:无效参数号:绑定变量的数目不匹配/令牌数***/*** **第22行的l/******/*****/register.php第22行是“$ loggedin-> execute();” – Jeff

+0

所以我需要做的就是粘贴到restricted.php而不是其他如果其他语句,它应该工作? @mickmackusa – Jeff

+0

多数民众赞成在一个公平的点,我想它更好地开始学习的东西“正确的方式”。所以我尝试了你的解决方案,并且页面只是显示空白,所以即时猜测与if语句有关的东西。这是我得到的错误:[18-Mar-2017 12:31:11 UTC] PHP致命错误:未捕获错误:调用成员函数prepare()在null在dirremoved/restricted.php:18和#0 { main} 在第18行抛出dirremoved/restricted.php – Jeff

0

也许这样?

在第一个片段后,成功添加一个新用户..

if($stmt->execute()): 
    $message = 'Successfully created new user'; 
    $_SESSION['firstname'] = $_POST['firstname']; 
    $_SESSION['surname'] = $_POST['surname']; 
    # redirect to login or you could just 
    # have the logged in at this point and.. 
    # redirect to restricted.php.. 
    header("Location: /login.php"); 
else: 
    $message = 'Sorry there must have been an issue creating your account'; 
endif;

然后设置restricted.php像这样:

<?php 
session_start(); 
if (!isset($_SESSION['user_id'])) { 
    header("Location: /login.php"); 
} 
?> 
<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
<h1>Welcome <?php echo $_SESSION['firstname']; ?> <?php echo $_SESSION['surname']; ?></h1> 
<h2>You have sucessfully logged in with your credentials</h2> 
</body> 
</html>

来源

2017-03-18 03:04:21 Rick

+0

谢谢:)完美的工作。 – Jeff

+0

已决定与另一个去,因为它意味着即时通讯不存储人民的姓名等,感谢解决方案无论如何 – Jeff

相关问题

 相关问题