1. 首页
  2. 问答
  3. [PHP]从会话变量中给出错误值的SQL表

[PHP]从会话变量中给出错误值的SQL表

2014-09-11 56 views
0

我将用户权限存储在与用户信息相同的表中,因此有三个布尔条目,用于三个权限级别。登录后,从该用户的行中的数据插入到会话变量与下面的代码:[PHP]从会话变量中给出错误值的SQL表

private function loginWithPostData($user_name, $user_password, $user_rememberme) 
{ 
    if (empty($user_name)) { 
     $this->errors[] = MESSAGE_USERNAME_EMPTY; 
    } else if (empty($user_password)) { 
     $this->errors[] = MESSAGE_PASSWORD_EMPTY; 

    // if POST data (from login form) contains non-empty user_name and non-empty user_password 
    } else { 
     // user can login with his username or his email address. 
     // if user has not typed a valid email address, we try to identify him with his user_name 
     if (!filter_var($user_name, FILTER_VALIDATE_EMAIL)) { 
      // database query, getting all the info of the selected user 
      $result_row = $this->getUserData(trim($user_name)); 

     // if user has typed a valid email address, we try to identify him with his user_email 
     } else if ($this->databaseConnection()) { 
      // database query, getting all the info of the selected user 
      $query_user = $this->db_connection->prepare('SELECT * FROM users WHERE user_email = :user_email'); 
      $query_user->bindValue(':user_email', trim($user_name), PDO::PARAM_STR); 
      $query_user->execute(); 
      // get result row (as an object) 
      $result_row = $query_user->fetchObject(); 
     } 

     // if this user not exists 
     if (! isset($result_row->user_id)) { 
      // was MESSAGE_USER_DOES_NOT_EXIST before, but has changed to MESSAGE_LOGIN_FAILED 
      // to prevent potential attackers showing if the user exists 
      $this->errors[] = MESSAGE_LOGIN_FAILED; 
     } else if (($result_row->user_failed_logins >= 3) && ($result_row->user_last_failed_login > (time() - 30))) { 
      $this->errors[] = MESSAGE_PASSWORD_WRONG_3_TIMES; 
     // using PHP 5.5's password_verify() function to check if the provided passwords fits to the hash of that user's password 
     } else if (! password_verify($user_password, $result_row->user_password_hash)) { 
      // increment the failed login counter for that user 
      $sth = $this->db_connection->prepare('UPDATE users ' 
        . 'SET user_failed_logins = user_failed_logins+1, user_last_failed_login = :user_last_failed_login ' 
        . 'WHERE user_name = :user_name OR user_email = :user_name'); 
      $sth->execute(array(':user_name' => $user_name, ':user_last_failed_login' => time())); 

      $this->errors[] = MESSAGE_PASSWORD_WRONG; 
     // has the user activated their account with the verification email 
     } else if ($result_row->user_active != 1) { 
      $this->errors[] = MESSAGE_ACCOUNT_NOT_ACTIVATED; 
     } else { 
      // write user data into PHP SESSION [a file on your server] 
      $_SESSION['user_id'] = $result_row->user_id; 
      $_SESSION['user_name'] = $result_row->user_name; 
      $_SESSION['user_email'] = $result_row->user_email; 
      $_SESSION['user_logged_in'] = 1; 
      $_SESSION['user_first_name'] = $result_row->user_first_name; 
      $_SESSION['user_last_name'] = $result_row->user_last_name; 
      $_SESSION['user_address_line_1'] = $result_row->user_address_line_1; 
      $_SESSION['permission_1'] = $result_row->permission_1; 
      $_SESSION['permission_2'] = $result_row->permission_2; 
      $_SESSION['permission_3'] = $result_row->permission_3; 

      // declare user id, set the login status to true 
      $this->user_id = $result_row->user_id; 
      $this->user_name = $result_row->user_name; 
      $this->user_email = $result_row->user_email; 
      $this->user_is_logged_in = true;

现在,当我使用PHP来告诉我,该列有一个1,我得到不正确的数据,虽然使用所有其他数据同样的方法(第一姓名,电子邮件地址等)的作品perfectly.This是我使用的代码:我做了什么

if($_SESSION['permission_1'] = 1){ 
    echo "ADMIN"; 
} else { 
    if($_SESSION['permission_2'] = 1){ 
     echo "MANAGEMENT COMPANY"; 
    } else { 
     if($_SESSION['permission_3'] = 1){ 
      echo "USER"; 
     } else { 
      echo "You do not currently have any permissions. Please wait for a member of the management team to verify you."; 
     } 
    } 
}

导致要么没有被破坏唯一布尔值会话结束还是报告不准确?

来源

2014-09-11 user3805867

+0

看起来你正在设置permission_admin,permission_lessor等,而不是permission_1,permission_2? – Shravan 2014-09-11 08:57:49

+0

是的,我在这里改变这些,他们都是perm_admin,出租人等在代码中,我认为id改变了他们所有,它不是.. – user3805867 2014-09-11 09:03:37

+1

你可以更新代码以及var_dump($ _ SESSION)显示什么? – Shravan 2014-09-11 09:05:08

回答

2

我认为你缺少一个=尝试这样的改变它在所有的if() S的:

$_SESSION['permission_3'] == 1

在PHP =如果类型是一样的赋值,==检查它(也===检查在比较)

来源

2014-09-11 09:11:08

+2

另外,不需要使用3个变量/行来设置权限。使用一个可以取3个值的变量/行,例如A,M和U.相同的结果,更少的行数,更少的麻烦。 – 2014-09-11 09:13:13

+1

好主意,我会尝试这些,谢谢! – user3805867 2014-09-11 09:41:06

 相关问题

  • 暂无相关问题^_^