Php 我有用户名显示在我的网站上,但当我登录时,用户名消失了
我不是这方面的专业人士,所以说这一切对我来说都是相当新鲜的。我一直在研究并试图找出我的错误,但运气不佳:(.我是否使用了Php 我有用户名显示在我的网站上,但当我登录时,用户名消失了,php,html,Php,Html,我不是这方面的专业人士,所以说这一切对我来说都是相当新鲜的。我一直在研究并试图找出我的错误,但运气不佳:(.我是否使用了session\u start()错误?以下是我的代码: profile.php这是我想让它响应的页面 <?php session_start(); include("connect.php"); include("functions.php"); if(logged_in()) { ?> <?php
session\u start()
错误?以下是我的代码:
profile.php这是我想让它响应的页面
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
?>
<?php
}
else
{
header("location:login.php");
exit();
}?>
<div id='userid'> <?php echo $_SESSION['userid']; ?></div>
functions.php
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
header("location:quotin.php");
exit();
}
$error = "";
if(isset($_POST['submit']))
{
$_SESSION['email'] = mysqli_real_escape_string($con, $_POST['email']);
$_SESSION['firstName'] = mysqli_real_escape_string($con, $_POST['fname']);
$_SESSION['lastName'] = mysqli_real_escape_string($con, $_POST['lname']);
$_SESSION['password'] = mysqli_real_escape_string($con, $_POST['password']);
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
$_SESSION['image'] = mysqli_real_escape_string($con, $_POST['image']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$checkBox = isset($_POST['keep']);
if(email_exists($email,$con))
{
$result = mysqli_query($con, "SELECT password FROM users WHERE email='$email'");
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['email'] = $email;
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: quotin.php");
}
}
else
{
$error = "Email Does not exists";
}
}?>
<body>
<div id="error" style=" <?php if($error !=""){ ?> display:block; <?php } ?> "><?php echo $error; ?></div>
<div id="wrapper">
<div id="menu">
<a href="signup.php">Sign Up</a>
<a href="login.php">Login</a>
</div>
<div id="formDiv">
<form method="POST" action="login.php">
<label>Email:</label><br/>
<input type="text" class="inputFields" name="email" required/><br/><br/>
<label>Password:</label><br/>
<input type="password" class="inputFields" name="password" required/><br/><br/>
<input type="checkbox" name="keep" />
<label>Keep me logged in</label><br/><br/>
<input type="submit" name="submit" class="theButtons" value="login" />
</form>
</div>
</div>
</body>
<?php
session_start();
include("connect.php");
include("functions.php");
if(logged_in())
{
header("location:profile.php");
exit();
}
$error = "";
if(isset($_POST['submit']))
{ $_SESSION['email'] = mysqli_real_escape_string($con, $_POST['email']);
$_SESSION['firstName'] = mysqli_real_escape_string($con, $_POST['fname']);
$_SESSION['lastName'] = mysqli_real_escape_string($con, $_POST['lname']);
$_SESSION['password'] = mysqli_real_escape_string($con, $_POST['password']);
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
$firstName = mysqli_real_escape_string($con, $_POST['fname']);
$lastName = mysqli_real_escape_string($con, $_POST['lname']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$userid = mysqli_real_escape_string($con, $_POST['userid']);
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$image = $_FILES['image']['name'];
$tmp_image = $_FILES['image']['tmp_name'];
$imageSize = $_FILES['image']['size'];
$conditions = isset($_POST['conditions']);
$date = date("F, d Y");
if(strlen($firstName) < 3)
{
$error = "First name is too short";
}
else if(strlen($lastName) < 3)
{
$error = "Last name is too short";
}
else if(strlen($userid) > 8)
{
$error = "You need a longer username";
}
else if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error = "Please enter valid email address";
}
else if(email_exists($email, $con))
{
$error = "Someone is already registered with this email";
}
else if(strlen($password) < 8)
{
$error = "Password must be greater than 8 characters";
}
else if($password !== $passwordConfirm)
{
$error = "Password does not match";
}
else if($image == "")
{
$error = "Please upload your image";
}
else if($imageSize > 1048576)
{
$error = "Image size must be less than 1 mb";
}
else if(!$conditions)
{
$error = "You must be agree with the terms and conditions";
}
else
{
$password = password_hash($password, PASSWORD_DEFAULT);
$imageExt = explode(".", $image);
$imageExtension = $imageExt[1];
if($imageExtension == "PNG" || $imageExtension == "png" || $imageExtension == "JPG" || $imageExtension == "jpg")
{
$image = rand(0, 100000).rand(0, 100000).rand(0, 100000).time().".".$imageExtension;
$insertQuery = "INSERT INTO users(firstName, lastName, userid, email, password, image) VALUES ('$firstName','$lastName','$userid','$email','$password','$image')";
if(mysqli_query($con, $insertQuery))
{
if(move_uploaded_file($tmp_image,"images/$image"))
{
$error = "You are successfully registered";
}
else
{
$error = "Image is not uploaded";
}
}
}
else
{
$error = "File must be an image. PNG or JPG";
}
}
}?>
<body>
<div id="error" style=" <?php if($error !=""){ ?> display:block; <?php } ?> "><?php echo $error; ?></div>
<div id="wrapper">
<div id="menu">
<a href="quotin_start.php">Sign Up</a>
<a href="login.php">Login</a>
</div>
<div id="formDiv">
<form method="POST" action="signup.php" enctype="multipart/form-data">
<label>First Name:</label><br/>
<input type="text" name="fname" class="inputFields" required/><br/><br/>
<label>Last Name:</label><br/>
<input type="text" name="lname" class="inputFields" required/><br/><br/>
<label>Username:</label><br/>
<input type="text" name="userid" class="inputFields" required/><br/><br/>
<label>Email:</label><br/>
<input type="text" name="email" class="inputFields" required/><br/><br/>
<label>Password:</label><br/>
<input type="password" name="password" class="inputFields" required/><br/><br/>
<label>Re-enter Password:</label><br/>
<input type="password" name="passwordConfirm" class="inputFields" required/><br/><br/>
<label>Image:</label><br/>
<input type="file" name="image" id="imageupload"/><br/><br/>
<input type="checkbox" name="conditions" />
<label>I am agree with terms and conditions</label><br/><br/>
<input type="submit" class="theButtons" name="submit" />
</form>
</div>
</div>
</body>
<?php
function email_exists($email, $con)
{
$result = mysqli_query($con,"SELECT id FROM users WHERE email='$email'");
if(mysqli_num_rows($result) == 1)
{
return true;
}
else
{
return false;
}
}
function logged_in()
{
if(isset($_SESSION['email']) || isset($_COOKIE['email']))
{
return true;
}
else
{
return false;
}
}?>
问题出在login.php中
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
您正试图在会话中存储用户ID,但没有为其设置POST变量,因为您提交的登录页仅包含电子邮件和密码。
成功执行登录查询后,您将再次在会话中存储电子邮件,而不是用户ID
因此,在成功比较密码之后,首先通过从db检索用户ID将其存储在会话中,以便会话获得您在配置文件页面上期望的值
所以试着做:
$result = mysqli_query($con, "SELECT * FROM users WHERE email='$email'"); //Changed the query
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['userid'] = $retrievepassword['userid'];//storing the retrieved userid from db
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: quotin.php");
}
问题出在login.php中
$_SESSION['userid'] = mysqli_real_escape_string($con, $_POST['userid']);
您正试图在会话中存储用户ID,但没有为其设置POST变量,因为您提交的登录页仅包含电子邮件和密码。
成功执行登录查询后,您将再次在会话中存储电子邮件,而不是用户ID
因此,在成功比较密码之后,首先通过从db检索用户ID将其存储在会话中,以便会话获得您在配置文件页面上期望的值
所以试着做:
$result = mysqli_query($con, "SELECT * FROM users WHERE email='$email'"); //Changed the query
$retrievepassword = mysqli_fetch_assoc($result);
if(!password_verify($password, $retrievepassword['password']))
{
$error = "Password is incorrect";
}
else
{
$_SESSION['userid'] = $retrievepassword['userid'];//storing the retrieved userid from db
if($checkBox == "on")
{
setcookie("email",$email, time()+3600);
}
header("location: quotin.php");
}
根据链接,HTTP头是区分大小写的。您是否尝试过在每个头()中将“location”更改为“location”调用?@ctwheels是的,但只有在用户未登录的情况下才应该运行。@ADyson你是对的,我忽略了这一点,我将编辑我的评论,只包含SQL注入标记。你应该考虑使用存储过程来保护自己免受SQL注入根据链接,HTTP头区分大小写。你尝试过吗将每个标题中的“位置”更改为“位置”()调用?@ctwheels是的,但只有在用户未登录的情况下才应该运行。@ADyson你是对的,我忽略了这一点,我将编辑我的评论,只包含SQL注入标记。你应该使用存储过程来保护自己不受SQL注入连接的影响。我有session_start();if(isset($\u POST['submit']){$\u SESSION['userid']=mysqli\u real\u escape\u string($con,$\u POST['userid']);}但是我只在注册时才看到用户名显示。当我重新登录时,用户名就消失了。另外,我照你说的做了,但运气不好。不要将会话变量像那样存储在connect.php中,因为调用profile.php时没有设置post变量,所以会话得到的是空值。所以我只是将所有信息,包括会话_start(),在profile.php中?否。session_start()必须按原样存在。但是,如果在session中存储值,则无需在所有页面上执行相同的操作。例如,您让用户登录并在其中存储userid,现在您可以将其直接用作$会话['userid']如果用户登录,则在应用程序中的任何位置。另外,请阅读会话如何工作。我会这样做。抱歉,还有一个问题。我将把所有的$\u会话信息放在哪里。我正在会话$\u start()下思考。因为我被告知这就是你要做的。Connect.php我有会话$\u start();if(isset($\u POST['submit']){$\u会话['userid']=mysqli\u real\u escape\u string($con,$\u POST['userid']);}但是我只在注册时才看到用户名显示。当我重新登录时,用户名就消失了。另外,我照你说的做了,但运气不好。不要将会话变量像那样存储在connect.php中,因为调用profile.php时没有设置post变量,所以会话得到的是空值。所以我只是将所有信息,包括会话_start(),在profile.php中?否。session_start()必须按原样存在。但是,如果在session中存储值,则无需在所有页面上执行相同的操作。例如,您让用户登录并在其中存储userid,现在您可以将其直接用作$会话['userid']如果用户已登录,则在应用程序中的任何位置。另外,请阅读会话的工作原理。我会这样做。抱歉,还有一个问题。我将把所有$\u会话信息放在哪里。我正在考虑在会话\u start()下?因为有人告诉我,您将这样做。