PHP: assigning $_SESSION variables
If I use the $_GET method to get the username, I run into a problem when multiple users log in. The most recent user to log in overwrites the other users' information (not in the database), and if the previous user tries to talk, their username will be the latest user's username.

Example:
User Xp10d3 logs in. His username is still Xp10d3.
User III logs in. Xp10d3's username suddenly becomes III's username.

I know why this happens, but I'm wondering: if I assign a $_SESSION variable to the $_GET variable, will that variable stay static and not change? If not, how do I solve this problem?

login_check_update.php:
<?php
session_start();
/* Sends an email to the user and adds the special key to another database */
$username = $_GET['username']; /* Gets the username that was submitted in the HTML form. */
$password = $_GET['password']; /* Gets the password that was submitted in the HTML form. */
$servername = "localhost"; /* MySQL database. Change if needed! Most of the time its not localhost unless you're hosting on your computer. */
$user = 'usernamelol'; /* MySQL username. Change if needed. */
$pass = 'passwordlol'; /* MySQL password. Change if needed. */
$dbname = 'vibemcform'; /* MySQL database name. Change if needed. */
$bytes = random_bytes(10); /* Randomized code */
$key = bin2hex($bytes); /* Makes the randomized code */
$link = "live.php";
$con = new mysqli($servername, $user, $pass, $dbname); /* Connects to the database */
$query = mysqli_query($con, "SELECT * FROM data WHERE (USERNAME = $username) AND password = $password");
if (!$query || mysqli_num_rows($query) == 1) {
echo "Found data in the database! Visit the chat!";
echo "<form action='live.php' method='post'><a href='".$link."'><input type='submit' name='btn1' value='$username'/></a></form>";
echo "Session ID: ". session_id() . ". ";
} else {
echo "Username not found/password incorrect. Please try again!";
}
$conn = null;
echo 'Username submitted: ' . $username . ' Password submitted: ' . $password . ' .'; exit;
?>
$_SESSION[""] variables are global variables. I didn't know that before, but now I do. I just assigned each variable for each registered user.
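You shouldn't store plaintext passwords in the database; you should use password_hash() and password_verify(). You should also use prepared statements to prevent SQL injection. Yes, each user session has its own $_SESSION variable, that's the whole point.

if (!$query || mysqli_num_rows($query) == 1) contradicts itself. Your query should also be getting an error. Those are most likely strings, but you haven't quoted the variables.

I know about password hashing and so on. I just haven't gotten around to encrypting or hashing them in the database yet. To answer your question @FunkFortyNiner, I tried quoting $query but I kept getting an error. I believe it's the T_ENCAPSED_STRING one.

And that doesn't seem to work. It still overwrites all my variables. Code: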
<!DOCTYPE HTML>
<html>
<head>
<style>
body {
text-align: center;
font-family: sans-serif;
}
a {
text-decoration: none;
color: blue;
}
#logout {
margin: 0 auto;
text-align: center;
border: 1px solid;
border-radius: 5px;
max-width:1024px;;
height: 800px;
}
</style>
</head>
<body>
<div id="logout">
<?php
session_start();
/* Sends an email to the user and adds the special key to another database */
$username = $_GET['username']; /* Gets the username that was submitted in the HTML form. */
$password = $_GET['password']; /* Gets the password that was submitted in the HTML form. */
$email = $_GET['email']; /* Gets the email that was submitted in the HTML form. */
$servername = "localhost"; /* MySQL database. Change if needed! Most of the time its not localhost unless you're hosting on your computer. */
$user = 'xxxx'; /* MySQL username. Change if needed. */
$pass = 'xxxx'; /* MySQL password. Change if needed. */
$dbname = 'vibemcform'; /* MySQL database name. Change if needed. */
$bytes = random_bytes(10); /* Randomized code */
$key = bin2hex($bytes); /* Makes the randomized code */
$con = new mysqli($servername, $user, $pass, $dbname); /* Connects to the database */
$query = mysqli_query($con, "SELECT * FROM `data` WHERE USERNAME='".$username."'"); /* Gets the username that was submitted */
$hash = password_hash($password, PASSWORD_DEFAULT);
$_SESSION['hash'] = $hash;
$_SESSION['password_not'] = $password;
if (mysqli_num_rows($query) > 0) { /* If the username exists... */
echo "ERROR: Username already exists. Please try signing up again.";
$con -> close();
exit;
} else { /* If the username DOESN'T exist... */
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $user, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO dont (STR, USERNAME, PASSWORD, EMAIL)
VALUES ('$key', '$username', '$hash', '$email')"; /* Insert all the data to the database */
$conn->exec($sql);
}
catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
}
$conn = null;
$msg = "localhost/vibemcform/verify.php?str=". $key . " Please verify your email!";
$msg = wordwrap($msg,70);
/*
$headers = array("From: xp10d363@gmail.com",
"X-Mailer: PHP/" . PHP_VERSION
);
*/
if (mail($email,"Verify your email",$msg/*, $headers*/)) {
echo 'Message accepted to your email address! Check your email to verify your account.';
} else {
echo 'Message not sent to your email. Contact the owner of the website!';
}
exit;
?>
<a href="index.html">Home</a>
</div>
</body>
</html>
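
A login check along the lines the comments suggest, as an added example that is not part of the original posts: a prepared statement, password_verify(), and the username kept in $_SESSION so that each browser session carries its own identity. The functions attempt_login() and current_user(), the in-memory SQLite table standing in for the MySQL `data` table, and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: attempt_login() and current_user() are hypothetical helpers.
function attempt_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text, so there is
    // nothing to quote by hand and nothing to inject into.
    $stmt = $db->prepare('SELECT USERNAME, PASSWORD FROM data WHERE USERNAME = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored password_hash() value, never plaintext.
    if ($row === false || !password_verify($password, $row['PASSWORD'])) {
        return false;
    }

    session_regenerate_id(true);              // fresh session ID once authenticated
    $_SESSION['username'] = $row['USERNAME']; // kept server-side, one copy per session
    return true;
}

function current_user(): ?string
{
    // A page such as live.php would call this instead of trusting $_GET
    // or a value submitted with the form.
    return $_SESSION['username'] ?? null;
}

session_start(); // must run before any output is sent

// Constructed sample data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (USERNAME TEXT PRIMARY KEY, PASSWORD TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO data (USERNAME, PASSWORD) VALUES (?, ?)');
$insert->execute(['Xp10d3', password_hash('constructed-pass-1', PASSWORD_DEFAULT)]);

$results = [
    'correct password'     => attempt_login($db, 'Xp10d3', 'constructed-pass-1'),
    'wrong password'       => attempt_login($db, 'Xp10d3', 'nope'),
    'username with quote'  => attempt_login($db, "O'Brien", 'x'), // no SQL error
];
foreach ($results as $case => $ok) {
    echo $case, ': ', $ok ? 'logged in' : 'rejected', PHP_EOL;
}
echo 'session user: ', current_user(), PHP_EOL;
```

In a real handler the two arguments would come from $_POST, since credentials sent in a GET query string end up in URLs, server logs and browser history.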