我有两个PHP页面:登录不捡USER_ID
- 电子邮件/密码登录页面。
- 查看数据的索引页。该数据视图根据用户是否登录而不同。
当我正确输入登录名时,我的登录页面通过“提交”按钮并重定向到index.php。如果我输入错误的登录名,验证工作正常。
但是,user_id似乎没有被带入index.php。我不能在调试中打印出来,因为它说user_id是无效的。
我知道数据库正在被读取,因为它正在页面上显示数据。
这两个页面都有一个session_start();在顶部。
有关如何获取user_id从登录到索引的任何想法?
下面是我的login.php:
<?php
session_start();
require_once "pdo.php";
// Redirect to index.php if use clicks cancel button
if (isset($_POST['cancel'])) {
header("Location: index.php");
return;
}
$salt = 'XyZzy12*_';
// If we have POST data, process it
if (isset($_POST['email']) && isset($_POST['pass'])) {
// Check for email and password
if (strlen($_POST['email']) < 1 || strlen($_POST['pass']) < 1) {
$_SESSION['error'] = "Email and password are required";
header("Location: login.php");
return;
// Check for at-sign in email
} elseif (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['error'] = "Email must have an at-sign (@)";
header("Location: login.php");
return;
} else {
$check = hash('md5', $salt.$_POST['pass']);
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :em AND password = :pw');
$stmt->execute(array(':em' => $_POST['email'], ':pw' => $check));
$check = $stmt->fetch(PDO::FETCH_ASSOC);
if ($check === false) {
// Else redirect to the login page
$_SESSION['error'] = "Incorrect Password";
error_log("Login fail ".$_POST['email']." $check");
header("Location: login.php");
return;
} else {
$_SESSION['name'] = $_POST['email'];
error_log("Login success ".$_POST['email']);
header("Location: index.php");
return;
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<div class="container">
<?php
// Message View of Errors
if (isset($_SESSION['error'])) {
echo('<p style="color: red;">'.htmlentities($_SESSION['error'])."</p>\n");
unset($_SESSION['error']);
}
?>
<h1>Please Log In</h1>
<form method="POST">
<label for="name">Email</label>
<input type="text" name="email" id="name"><br/>
<label for="id_1723">Password</label>
<input type="text" name="pass" id="id_1723"><br/>
<input type="submit" value="Log In" onclick="return doValidate();">
<input type="submit" name="cancel" value="Cancel">
</form>
</div>
<script>
function doValidate() {
console.log('Validating...');
try {
pw = document.getElementById('id_1723').value;
console.log("Validating pw="+pw);
if (pw == null || pw == "") {
alert("Both fields must be filled out");
return false;
}
return true;
} catch(e) {
return false;
}
return false;
}
</script>
</body>
</html>
下面是我的index.php:
<?php
session_start();
require_once "pdo.php";
require_once "util.php";
// Fetch Profiles
$stmt = $pdo->query("SELECT * FROM profile");
$profiles = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$profiles[] = $row;
}
?>
<!doctype html>
<html>
<head>
<title>Index</title>
</head>
<body>
<div class="container">
<br /><br />
<h1>Resume Entry</h1>
<?php
flashMessages();
// Login our Logout
if (isset($_SESSION['user_id'])){
echo('<p><a href="logout.php">Logout</a></p>'."\n");
} else {
echo('<p><a href="login.php">Please log in</a></p>'."\n");
}
// Show the table
if (count($profiles) > 0) {
echo ('<table border="1">'."\n");
echo ('<tr><th>Name</th><th>Headline</th>');
if (isset($_SESSION['user_id'])) {
echo ('<th>Action</th>');
}
echo ("<tr>\n");
foreach ($profiles as $profile) {
echo ("<tr><td>\n");
echo ('<a href="view.php?profile_id='.$profile['profile_id'].'">');
echo (htmlentities($profile['first_name']));
echo (' ');
echo (htmlentities($profile['last_name']));
echo ('</a>');
echo ("</td><td>\n");
echo (htmlentities($profile['headline']));
echo ("</td>");
if (isset($_SESSION['user_id'])) {
echo ("<td>\n");
if ($_SESSION['user_id'] == $profile['user_id']) {
echo ('<a href="edit.php?profile_id='.$profile['profile_id'].'">Edit</a>');
echo (' ');
echo ('<a href="delete.php?profile_id='.$profile['profile_id'].'">Delete</a>');
}
echo ("</td>");
}
echo ("</tr>\n");
}
echo ("</table>\n");
}
if (isset($_SESSION['user_id'])) {
echo ('<p><a href="add.php">Add New Entry</a></p>'."\n");
}
?>
</div>
</body>
</html>
看着上面的代码(登录),看起来你没有设置会话值'user_id',只有'name' – Ghost
作为一个旁边,你真的打算提取所有的用户吗?为什么不使用'user_id'在'index'中使用'WHERE'子句 – Ghost
@Ghost在哪里以及如何设置user_id?你能在这里提供指导吗? –