在我的项目中,作为一个起点,我按照“phpacademy.com”中的“登录和注册”视频编写了代码。我已将该代码重用于我的项目。
问题是:数据库中有多个用户时,只有第一个用户(user_id = 1)能正常登录。其他用户虽然表面上看起来一切正常,但要么无法登录,要么登录后一旦重新打开页面就不会保持会话。
最常见的错误可能是什么?或者我遗漏了什么?
代码如下:
<?php
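/**
 * Stores an uploaded profile image and records its path in the user's row.
 *
 * @param int    $user_id   owner of the profile row to update
 * @param string $file_temp temporary path of the uploaded file
 * @param string $file_extn file extension supplied by the caller; treated as untrusted
 * @return void
 */
function change_profile_image($user_id, $file_temp, $file_extn) {
    // Only image extensions are accepted: the extension comes from the upload, and
    // letting it through unchecked lets the uploader pick the stored file's suffix.
    $allowed = array('jpg', 'jpeg', 'png', 'gif');
    $file_extn = strtolower((string)$file_extn);
    if (!in_array($file_extn, $allowed, true)) {
        echo 'Invalid image type';
        return;
    }
    // File name: md5(time()) is guessable and collides for uploads in the same second.
    // random_bytes() needs PHP 7; fall back to uniqid() with extra entropy on older PHP.
    $name = function_exists('random_bytes')
        ? bin2hex(random_bytes(5))
        : substr(md5(uniqid(mt_rand(), true)), 0, 10);
    // NOTE(review): this path is absolute from the filesystem root, not the document
    // root — confirm that is intended (the tutorial code uses a relative path).
    $file_path = '/images/profile/' . $name . '.' . $file_extn;
    // Only record the path when the file was actually stored; the old code updated
    // the row even when move_uploaded_file() failed.
    if (!move_uploaded_file($file_temp, $file_path)) {
        echo 'Upload failed';
        return;
    }
    echo 'Uploaded correctly';
    mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id);
}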
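/**
 * Handles "forgot username" / "forgot password" requests for one e-mail address.
 *
 * @param string $mode  'username' or 'password'
 * @param string $email address the user entered
 * @return void
 */
function recover($mode, $email) {
    $mode = sanitize($mode);
    // $email is passed through unescaped: user_id_from_email() escapes it itself,
    // and escaping twice would stop addresses containing quotes from matching.
    // The old code ignored this parameter and read $_POST['email'] directly.
    $user_id = user_id_from_email($email);
    // Select user_id explicitly: the old call fetched only `username`, so
    // $user_data['user_id'] was never set and change_password() was given id 0.
    $user_data = user_data($user_id, 'user_id', 'username');
    if (!is_array($user_data) || !isset($user_data['user_id'])) {
        return; // no account for that address: nothing to recover
    }
    if ($mode === 'username') {
        // recover username
        // TODO: the mail-sending helper (email()) does not exist yet; nothing is sent.
    } else if ($mode === 'password') {
        // recover password: 8 hex characters. md5(rand(999, 999999)) drew from fewer
        // than a million seeds, so the generated password was guessable.
        if (function_exists('random_bytes')) {
            $generated_password = bin2hex(random_bytes(4));
        } else {
            $generated_password = substr(md5(uniqid(mt_rand(), true)), 0, 8);
        }
        change_password($user_data['user_id'], $generated_password);
        // TODO: the new password is never delivered to the user (same missing email()).
    }
}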
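/**
 * Updates columns of the currently logged-in user's row.
 *
 * Relies on the global $session_user_id, which init.php sets from the session.
 *
 * @param array $update_data column name => new value; values are escaped with
 *                           array_sanitize(), column names are backtick-quoted
 * @return void
 */
function update_user($update_data) {
    global $session_user_id;
    // array_walk applies array_sanitize() to every value of the array.
    array_walk($update_data, 'array_sanitize');
    $assignments = array();
    foreach ($update_data as $field => $value) {
        // Column names cannot be escaped as values, so neutralise embedded backticks;
        // callers should still only pass known column names.
        $column = '`' . str_replace('`', '``', $field) . '`';
        $assignments[] = $column . ' = \'' . $value . '\'';
    }
    if (empty($assignments)) {
        return; // "SET  WHERE" would be a syntax error
    }
    mysql_query("UPDATE `users` SET " . implode(', ', $assignments) . " WHERE `user_id` = " . (int)$session_user_id);
}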
/**
 * Replaces the stored password hash of one user.
 *
 * NOTE(review): the hash is unsalted md5 because login() compares md5; moving to
 * password_hash()/password_verify() has to change both sides together.
 *
 * @param int    $user_id  row to update
 * @param string $password new plaintext password
 * @return void
 */
function change_password($user_id, $password) {
    $id = (int)$user_id;
    $hash = md5($password);
    $sql = "UPDATE `users` SET `password` = '$hash' WHERE `user_id` = '$id'";
    mysql_query($sql);
}
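/**
 * Inserts a new `users` row and marks it active.
 *
 * NOTE(review): the password is stored as unsalted md5 because login() compares
 * md5; register_user(), change_password() and login() must migrate together.
 *
 * @param array $register_data column name => value from the registration form
 * @return void
 */
function register_user($register_data) {
    // array_walk applies array_sanitize() to every value of the array.
    array_walk($register_data, 'array_sanitize');
    $register_data['password'] = md5($register_data['password']);
    $username = $register_data['username'];
    // Column names cannot be escaped as values: double embedded backticks so a
    // key taken from the form cannot break out of the identifier quoting.
    $columns = array();
    foreach (array_keys($register_data) as $key) {
        $columns[] = '`' . str_replace('`', '``', $key) . '`';
    }
    $fields = implode(', ', $columns);
    $data = '\'' . implode('\', \'', $register_data) . '\'';
    mysql_query("INSERT INTO `users` ($fields) VALUES ($data)");
    // The account is activated immediately; there is no confirmation step here.
    mysql_query("UPDATE `users` SET `active`=1 WHERE `username`= '$username'");
}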
/**
 * Number of users whose `active` flag is 1.
 *
 * @return mixed the COUNT value exactly as mysql_result() returns it
 */
function users_count() {
    $sql = "SELECT count(`user_id`) FROM `users` WHERE `active` = 1";
    $result = mysql_query($sql);
    $count = mysql_result($result, 0);
    return $count;
}
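/**
 * Fetches selected columns of one user.
 *
 * Usage: user_data($id, 'username', 'email') — every argument after the id is a
 * column name (phpacademy tutorial part 7).
 *
 * @param int $user_id row to read; further arguments are column names
 * @return array|false|null the row from mysql_fetch_assoc() (false when no row
 *                          matched), or an empty array when no columns were requested
 */
function user_data($user_id) {
    $user_id = (int)$user_id;
    // Everything after the first argument is a column name.
    $fields = array_slice(func_get_args(), 1);
    if (empty($fields)) {
        // The old code fell off the end here and returned null; $data was
        // initialised to array() and returning that is what was intended.
        return array();
    }
    // Column names are identifiers, not values: double embedded backticks
    // instead of relying on the caller never passing a stray one.
    $quoted = array();
    foreach ($fields as $field) {
        $quoted[] = '`' . str_replace('`', '``', $field) . '`';
    }
    $query = mysql_query("SELECT " . implode(',', $quoted) . " FROM `users` WHERE `user_id` = $user_id");
    return mysql_fetch_assoc($query);
}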
/**
 * Whether the current session carries a user id.
 *
 * @return bool true when $_SESSION['user_id'] is set and not null
 */
function logged_in() {
    return isset($_SESSION['user_id']);
}
/**
 * Whether exactly one `users` row has this username.
 *
 * @param string $username name to look up (escaped with sanitize())
 * @return bool
 */
function user_exists($username) {
    $name = sanitize($username);
    $sql = "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$name'";
    $count = mysql_result(mysql_query($sql), 0);
    return $count == 1;
}
/**
 * Whether exactly one `users` row has this e-mail address.
 *
 * @param string $email address to look up (escaped with sanitize())
 * @return bool
 */
function email_exists($email) {
    $address = sanitize($email);
    $sql = "SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$address'";
    $count = mysql_result(mysql_query($sql), 0);
    return $count == 1;
}
/**
 * Whether exactly one `users` row has this username with `active` = 1.
 *
 * @param string $username name to look up (escaped with sanitize())
 * @return bool
 */
function user_active($username) {
    $name = sanitize($username);
    $sql = "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$name' AND `active` = 1";
    $count = mysql_result(mysql_query($sql), 0);
    return $count == 1;
}
/**
 * Looks up the user_id for a username.
 *
 * NOTE(review): mysql_result() on an empty result set does not return a row;
 * callers should check user_exists() first, as login.php does.
 *
 * @param string $username name to look up (escaped with sanitize())
 * @return mixed the `user_id` cell as mysql_result() returns it
 */
function user_id_from_username($username) {
    $name = sanitize($username);
    $result = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$name'");
    return mysql_result($result, 0, 'user_id');
}
/**
 * Looks up the user_id for an e-mail address.
 *
 * NOTE(review): mysql_result() on an empty result set does not return a row;
 * callers should check email_exists() first.
 *
 * @param string $email address to look up (escaped with sanitize())
 * @return mixed the `user_id` cell as mysql_result() returns it
 */
function user_id_from_email($email) {
    $address = sanitize($email);
    $result = mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$address'");
    return mysql_result($result, 0, 'user_id');
}
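/**
 * Checks a username/password pair.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO with
 * prepared statements is the migration path for every query in this file.
 *
 * @param string $username login name as typed
 * @param string $password plaintext password as typed
 * @return mixed the matching `user_id` cell as MySQL returns it, or false
 */
function login($username, $password) {
    $username = sanitize($username);
    // One query: read the stored hash and compare it in PHP rather than sending the
    // candidate hash into the WHERE clause and counting matches.
    $query = mysql_query("SELECT `user_id`, `password` FROM `users` WHERE `username` = '$username'");
    if ($query === false) {
        return false;
    }
    $row = mysql_fetch_assoc($query);
    if ($row === false || !isset($row['password'], $row['user_id'])) {
        return false;
    }
    // NOTE(review): unsalted md5 is kept only because change_password() and
    // register_user() store md5; all three must move to password_hash()/password_verify() together.
    $candidate = md5($password);
    // Constant-time comparison where available (hash_equals needs PHP 5.6+).
    $match = function_exists('hash_equals')
        ? hash_equals((string)$row['password'], $candidate)
        : (string)$row['password'] === $candidate;
    return $match ? $row['user_id'] : false;
}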
?>
init.php:
<?php
// Bootstraps every page: session, DB connection, helper functions and the
// current user's row.
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';

if (logged_in()) {
    // Kept in a global because update_user() reads $session_user_id that way.
    $session_user_id = $_SESSION['user_id'];
    // Row of the current user, reusable on any page.
    // NOTE(review): the password hash is loaded into $user_data on every page —
    // confirm a page actually needs it before keeping it in this list.
    $user_data = user_data($session_user_id, 'user_id', 'name', 'username', 'password', 'email');
    // An administrator may deactivate an account; a deactivated user is signed out.
    if (!user_active($user_data['username'])) {
        session_destroy();
        header('location: sign_in.php?failed_user_active');
        exit();
    }
}
$errors = array();
?>
login.php:
<?php
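// Login page: init.php starts the session; this script validates the form and
// stores the user id in the session on success.
include 'core/init.php';
logged_in_redirect();

// Form rules
if (empty($_POST) === false) {
    // Read the fields defensively: a POST without them (or with array values)
    // used to raise undefined-index notices and reach the lookups anyway.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    if ($username === '' || $password === '') {
        // Compared against '' rather than empty(): "0" is a legitimate value.
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username) === false) {
        $errors[] = 'We cant find that username, have you regitered?';
    } else if (user_active($username) === false) {
        $errors[] = 'You havent activated your account';
    } else if (strlen($password) > 32) {
        // The old code added this error but still attempted the login below.
        $errors[] = 'Password too long';
    } else {
        $login = login($username, $password);
        if ($login === false) {
            $errors[] = 'This username and password is incorrect';
        } else {
            // New session id on authentication, so an id handed out before
            // login is not promoted to a logged-in one.
            session_regenerate_id(true);
            // set the user session, then redirect the user HOME
            $_SESSION['user_id'] = $login;
            header('Location: main.php');
            exit();
        }
    }
} else {
    $errors[] = 'No data received';
}
if (empty($errors) === false) {
?>
<h2> we tried to log you in but...</h2>
<?php
    echo output_errors($errors);
}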
?>
DB:
user_id
name
username
email
password
active
1
alex
3@gmail.com
5f4dcc3b5aa765d61d8327deb882cf99
1
15
ana
6@gmail.com
5f4dcc3b5aa765d61d8327deb882cf99
1