1. 首頁
  2. 問答
  3. SQL數據庫值變量

SQL數據庫值變量

2017-03-18 86 views
0

所以,我還挺新的PHP和MySQL,但我發現一個登錄表單,並適應我的需要,因爲我沒有這個知識,使一個我自己呢。我在數據庫中添加了名字和姓氏列,註冊表格將這些值添加到數據庫中。SQL數據庫值變量

現在我希望能夠以顯示名字和姓到受限制的頁面,之所以我需要的,這是因爲我希望它說:歡迎喬博客。以下是註冊表格。

<?php 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

require 'database.php'; 

$message = ''; 

if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])): 

    // Enter the new user in the database 
    $sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)"; 
    $stmt = $conn->prepare($sql); 

    $stmt->bindParam(':email', $_POST['email']); 
    $stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT)); 
    $stmt->bindParam(':firstname', $_POST['firstname']); 
    $stmt->bindParam(':surname', $_POST['surname']); 

    if($stmt->execute()): 
     $message = 'Successfully created new user'; 
    else: 
     $message = 'Sorry there must have been an issue creating your account'; 
    endif; 

endif; 

?> 

<!DOCTYPE html> 
<html> 
<head> 
    <title>Register</title> 
    <?php include '../header.php'; ?> 
</head> 
<body> 

    <?php if(!empty($message)): ?> 
     <p><?= $message ?></p> 
    <?php endif; ?> 

    <h1>Register</h1> 
    <span>or <a href="login.php">login here</a></span> 

    <form action="register.php" method="POST"> 

     <input type="text" placeholder="Enter your email" name="email"> 
     <input type="password" placeholder="and password" name="password"> 
     <input type="password" placeholder="confirm password" name="confirm_password"> 
     <input type="text" placeholder="Enter your first name" name="firstname"> 
     <input type="text" placeholder="Enter your surname" name="surname"> 
     <input type="submit"> 

    </form> 

</body> 
</html>

及以下這裏是登錄表單作爲即時通訊真的不知道什麼你們要幫我:)

<?php 

session_start(); 

if(isset($_SESSION['user_id'])){ 
    header("Location: /"); 
} 

require 'database.php'; 

if(!empty($_POST['email']) && !empty($_POST['password'])): 

    $records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email'); 
    $records->bindParam(':email', $_POST['email']); 
    $records->execute(); 
    $results = $records->fetch(PDO::FETCH_ASSOC); 

    $message = ''; 

    if(count($results) > 0 && password_verify($_POST['password'], $results['password'])){ 

     $_SESSION['user_id'] = $results['id']; 
     header("Location: /"); 

    } else { 
     $message = 'Sorry, those credentials do not match'; 
    } 

endif; 

?> 

<!DOCTYPE html> 
<html> 
<head> 
    <title>Login</title> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
    <?php if(!empty($message)): ?> 
    <p><?= $message ?></p> 
    <?php endif; ?> 

    <h1>Login</h1> 
    <span>or <a href="register.php">register here</a></span> 

    <form action="login.php" method="POST"> 

     <input type="text" placeholder="Enter your email" name="email"> 
     <input type="password" placeholder="and password" name="password"> 
     <input type="submit"> 

    </form> 

</body> 
</html>

而且同時我在這裏,我目前使用JavaScript重定向到主頁一旦你退出,因爲我無法找到如何使用PHP做

Restricted.php任何信息:

<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php 
    include '../header.php'; 
    ?> 

</head> 
<body> 

    <?php 
    session_start(); 

    if(isset($_SESSION['user_id'])) { ?> 
     <h1>Restriced Area</h1> 

     <h2>You have sucessfully logged in with your credentials</h2> 
    <?php 
    } else { ?> 
     <script type="text/javascript"> 
     window.location = "login.php"; 
     </script> 
    <?php 
    exit; 
    } 

    ?> 


</body> 
</html>

只要讓我知道你們是否需要更多的信息/代碼。

謝謝。

來源

2017-03-18 Jeff

+0

'回聲$ username'將打印到屏幕? – Slime

+0

用戶名有電子郵件,我想如果它有名稱顯示。 – Jeff

+0

顯示在哪裏?在最後一位代碼?也不管..只要你有你的第一和姓只需將它們添加到您的會話和你喜歡的地方顯示出來.. – Rick

回答

0

由於Qirel建議...

Restricted.php應該類似於此:

<?php 
session_start(); 
if(!isset($_SESSION['user_id'])){ 
    header("Location: /login.php"); // no need to query 
} 
require('database.php'); // assumed to declare $conn=new PDO(...); 
$loggedin=$conn->prepare('SELECT firstname,surname FROM users WHERE id=?'); 
$loggedin->execute(array($_SESSION['user_id'])); 
$results=$loggedin->fetch(PDO::FETCH_ASSOC); 
if(!$results || count($results)<1){ 
    header("Location: /login.php"); // unsuccessful query 
} 
?> 
<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
    <h1>Restriced Area</h1> 
    <h2>You have successfully logged in with your credentials</h2> 
    <?php echo "Welcome {$results['firstname']} {$results['surname']}"; ?> 
</body> 
</html>

編輯:

太嚴重但我想這種說法邊界尤其對於沒有經驗的php編碼人員來說,SESSION數據可能被劫持(這在Pro PHP Sec從應用程序安全原則到實施XSS防禦 - 第7章:防止會話劫持),因此建議不要在$ _SESSION中存儲任何個人信息。這最重要的包括信用卡號碼,政府頒發的ID密碼;但也會延伸到更少的假設數據,如用戶名,電子郵件,電話號碼等,這將允許黑客模仿/妥協的合法用戶。

互聯網仍然是非常在其「狂野西部」的時代,沒有什麼是100%安全的。 ...和互聯網安全是一個兔子洞/錢坑。每個編碼員都應該花一些時間來了解已知的威脅並防止它們發生,但是這種情況會因人而異。

來源

2017-03-18 02:55:56 mickmackusa

+0

PHP警告:PDOStatement對象::執行():SQLSTATE [HY093]:無效參數號:綁定變量的數目不匹配/令牌數***/*** **第22行的l/******/*****/register.php第22行是「$ loggedin-> execute();」 – Jeff

+0

所以我需要做的就是粘貼到restricted.php而不是其他如果其他語句,它應該工作? @mickmackusa – Jeff

+0

多數民衆贊成在一個公平的點,我想它更好地開始學習的東西「正確的方式」。所以我嘗試了你的解決方案,並且頁面只是顯示空白,所以即時猜測與if語句有關的東西。這是我得到的錯誤:[18-Mar-2017 12:31:11 UTC] PHP致命錯誤:未捕獲錯誤:調用成員函數prepare()在null在dirremoved/restricted.php:18和#0 { main} 在第18行拋出dirremoved/restricted.php – Jeff

0

也許這樣?

在第一個片段後,成功添加一個新用戶..

if($stmt->execute()): 
    $message = 'Successfully created new user'; 
    $_SESSION['firstname'] = $_POST['firstname']; 
    $_SESSION['surname'] = $_POST['surname']; 
    # redirect to login or you could just 
    # have the logged in at this point and.. 
    # redirect to restricted.php.. 
    header("Location: /login.php"); 
else: 
    $message = 'Sorry there must have been an issue creating your account'; 
endif;

然後設置restricted.php像這樣:

<?php 
session_start(); 
if (!isset($_SESSION['user_id'])) { 
    header("Location: /login.php"); 
} 
?> 
<!DOCTYPE html> 
<html> 
<head> 
    <title>Restricted Area</title> 
    <link rel="stylesheet" type="text/css" href="../assets/css/style.css"> 
    <link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'> 
    <?php include '../header.php'; ?> 
</head> 
<body> 
<h1>Welcome <?php echo $_SESSION['firstname']; ?> <?php echo $_SESSION['surname']; ?></h1> 
<h2>You have sucessfully logged in with your credentials</h2> 
</body> 
</html>

來源

2017-03-18 03:04:21 Rick

+0

謝謝:)完美的工作。 – Jeff

+0

已決定與另一個去,因爲它意味着即時通訊不存儲人民的姓名等,感謝解決方案無論如何 – Jeff

相關問題

 相關問題