Php 注册后自动登录似乎不起作用,会重定向到上次登录的用户帐户。
我对编程基本上是新手,我想创建一个注册表单,用户应该在其中自动登录。但是,不会直接指向他们的用户帐户,而是显示以前登录用户的帐户详细信息。此外,当试图在URL中显示用户ID时,这不会显示。以下是注册代码:Php 注册后自动登录似乎不起作用,会重定向到上次登录的用户帐户。,php,Php,我对编程基本上是新手,我想创建一个注册表单,用户应该在其中自动登录。但是,不会直接指向他们的用户帐户,而是显示以前登录用户的帐户详细信息。此外,当试图在URL中显示用户ID时,这不会显示。以下是注册代码: <?php session_start(); include "php/config/database.php"; if (isset($_POST['submit'])) { $FirstName = $_POST['FirstName']; $Surname
<?php
session_start();
include "php/config/database.php";
if (isset($_POST['submit'])) {
$FirstName = $_POST['FirstName'];
$Surname = $_POST['Surname'];
$Email = $_POST['Email'];
$dbPassword = $_POST['Password'];
// Check if data exists already in the database
if (empty($FirstName) || empty($Surname) || empty($Email) || empty($dbPassword)) {
echo "sorry no rmpty fields";
}
$exists = mysqli_query($conn, "SELECT Email FROM Users WHERE Email = '$Email'");
$row = mysqli_fetch_array($exists);
$dbEmail = $row['Email'];
if ($Email == $dbEmail) {
die("Username already taken.");
} else {
$sql = "INSERT INTO Users(FirstName,Surname,Email,Password)VALUES('$FirstName','$Surname','$Email','$dbPassword')";
$sqlUserID = mysqli_query($conn, "SELECT UserID FROM Users WHERE UserID = '$UserID'");
$_SESSION['UserID'] = $dbUserID;
$res = mysqli_query($conn, $sql);
if (!$res) {
die("Query Failed!" . mysqli_error($conn));
} else {
$query = mysqli_query($conn, $sql);
$getRow = mysqli_fetch_array($query);
$dbUserID = $getRow['UserID'];
$dbPassword = $getRow['Password'];
if (mysqli_query($conn, $sql)) {
$UserID = $dbUserID;
header("Location: account?UserID=".$UserID);
} else {
echo "Error! There was a problem registering you!";
}
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>background</title>
</head>
<body>
</body>
</html>
背景
以下是登录代码:
<?php
session_start();
if(isset($_POST['submit'])) {
include("php/config/database.php");
$Email =$_POST['Email'];
$dbPassword =$_POST['Password']);
if(empty($Email) || empty($Password))
{
echo "sorry no rmpty fields";
}
else
{
$Email = mysqli_real_escape_string($conn, $Email);
$dbPassword = mysqli_real_escape_string($conn, $dbPassword);
$dbPassword = md5($dbPassword);
$sql = "SELECT * FROM Users WHERE Email='$Email' LIMIT 1";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_array($query);
$UserID = $row['UserID'];
$dbpass = $row['Password'];
if($dbPassword == $dbpass) {
$_SESSION['Email'] = $Email;
$_SESSION['UserID'] = $UserID;
header("Location: account.php");
}
else
{
echo "You didn't enter the correct details!";
}
}
}
?>
<html >
<head>
<meta charset="UTF-8">
<title>background</title>
<link rel="stylesheet" href="css/style.css">
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</head>
<body>
<form action="index.php" method="post">
<div class="box">
<h1 id="logintoregister">
Login
</h1>
<div class="group show">
<input class="inputMaterial" type="text" name="FirstName" />
<label>First Name</label>
</div>
<div class="group show">
<input class="inputMaterial" type="text" name="Surname" />
<label>Surname</label>
</div>
<div class="group">
<input class="inputMaterial" type="email" name="Email" />
<label>Email</label>
</div>
<div class="group">
<input class="inputMaterial" type="password" id="password"
name="Password" /> <label>Password</label>
</div>
<div class="group show">
<input class="inputMaterial" type="password" id=
"confirm_password" /> <label>Confirm Password</label>
</div>
<button id="buttonlogintoregister" type="submit" name="submit">Login</button>
<p id="plogintoregister">
By registering, You accept all terms and conditons
</p>
<p id="textchange" onclick="register()">
Sign Up
</p>
</div>
</form>
<!-- Related demos -->
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
这行代码根本没有意义:
$sqlUserID = mysqli_query($conn, "SELECT UserID FROM Users WHERE UserID = '$UserID'");
您试图选择一个您声称已经拥有的值,那么您选择的是什么呢
您没有该值,因为从未定义过$UserID
。所以你最多只能这样做:
header("Location: account?UserID=".$UserID);
$sqlUserID=mysqli_查询($conn,“从UserID=''的用户中选择UserID”)代码>
我想,它不会找到任何记录。因此,假设代码中的任何其他逻辑错误都不会产生运行时中断错误,那么您最多只能这样做:
header("Location: account?UserID=".$UserID);
这将被评估为:
"Location: account?UserID="
似乎与你的另一个问题非常接近,我希望你不要打算继续使用这个问题。鉴于SQL注入漏洞,从技术上讲,你允许用户以任何他们想要的方式登录。更重要的是,您在哪里定义了$UserID
?您正在SELECT
查询中使用它,但从未定义过它。从逻辑上讲,您希望从这个查询中得到什么?:“从UserID='$UserID'”的用户中选择UserID