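PHP users log in with different user accounts

Time: 2013-08-07 15:07:15

Tags: php session login sessionid

In my project, as a starting point, I wrote the code by following the "Login and Register" videos from "phpacademy.com". I have reused that code for my project.

The problem is: with different users in the database, it only logs in with the first user in the DB, user_id = 1. The other users, although things look fine, either do not log in, or they log in and, once the page is reopened, the session is not kept.

What are the most common mistakes? Or what has not been taken into account?

The code follows: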

<?php


function change_profile_image($user_id, $file_temp, $file_extn) {

    $file_path = '/images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn;
    if (move_uploaded_file($file_temp, $file_path)) {
        echo 'Updaloaded correctly';
    }

    mysql_query(" UPDATE `users` SET `profile` = '" .  mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id);
}




function recover($mode, $email){
    $mode = sanitize($mode);
    $email = sanitize($email);

    $user_data = user_data(user_id_from_email($_POST['email']), 'username');

    if ($mode === 'username') {
        // recover username
        // I don't have the email function ------>>>>>>>>>>    email();
    } else if ($mode === 'password') {
        // recover password
        $generated_password = substr(md5(rand(999, 999999)),0,8);
        change_password($user_data['user_id'], $generated_password);
    }
}


function update_user($update_data){
    // array_walk goes through every element of an array (in this case update_data) and applies a function to it
    global $session_user_id;
    $update = array();
    array_walk($update_data, 'array_sanitize');
    foreach ($update_data as $field=>$data) {
        $update[] = '`' . $field . '` = \'' . $data . '\'';
    }

    mysql_query("UPDATE `users` SET " . implode(', ', $update) . " WHERE `user_id` = $session_user_id");

}

function change_password($user_id, $password){

    $user_id = (int)$user_id;
    $password = md5($password);

    mysql_query("UPDATE `users` SET `password` = '$password' WHERE `user_id` = '$user_id'");
}


function register_user($register_data){
    // array_walk goes through every element of an array (in this case register_data) and applies a function to it
    array_walk($register_data, 'array_sanitize');
    $register_data['password'] = md5($register_data['password']);
    $username = $register_data['username'];

    $fields = '`' . implode('`, `', array_keys($register_data)) . '`';
    $data = '\'' . implode('\', \'', $register_data) . '\'';


    mysql_query("INSERT INTO `users` ($fields) VALUES ($data)");

    mysql_query("UPDATE `users` SET `active`=1 WHERE `username`= '$username'");

}



function users_count(){

    return mysql_result(mysql_query("SELECT count(`user_id`) FROM `users` WHERE `active` = 1"), 0);
}


function user_data($user_id){

    // phpacademy tutorial part 7 - part 2
    $data = array();
    $user_id = (int)$user_id;

    // func_num_args --> http://www.php.net/manual/es/function.func-get-args.php
    $func_num_args = func_num_args();
    $func_get_args = func_get_args();

    if ($func_num_args > 1) {
        unset($func_get_args[0]);
        // implode --> http://php.net/manual/es/function.implode.php
        $fields = '`' . implode('`,`', $func_get_args) . '`';
        $query = mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id");
        $data = mysql_fetch_assoc($query);
        return $data;
    }
}


function logged_in(){
    // isset --> Determines whether a variable is set and is not NULL. --> http://php.net/manual/es/function.isset.php
    // Another example: http://techtalk.virendrachandak.com/php-isset-vs-empty-vs-is_null/
    return (isset($_SESSION['user_id'])) ? true : false;


}


function user_exists($username){

    $username = sanitize($username);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
    return (mysql_result($query, 0) == 1) ? true : false;
}

function email_exists($email){

    $email = sanitize($email);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'");
    return (mysql_result($query, 0) == 1) ? true : false;
}



function user_active($username){

    $username = sanitize($username);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1");
    return (mysql_result($query, 0) == 1) ? true : false;
}


function user_id_from_username($username){
    $username = sanitize($username);
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0,'user_id');

}

function user_id_from_email($email){
    $email = sanitize($email);
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$email'"), 0,'user_id');

}


function login($username, $password){
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = md5($password);

    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password`='$password'"), 0) == 1) ? $user_id : false;

}

?>

init.php

<?php

session_start();
//error_reporting(0);

require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';

// Make sure the user is logged in
if (logged_in() === true) {

    // Save the session
    $session_user_id = $_SESSION['user_id'];
    // Grab the user data which we can use throughout the website in any page, using the user_data function
    $user_data = user_data($session_user_id,'user_id', 'name', 'username','password', 'email');



    // Used in case the site administrator wants to deactivate an account
    if (user_active($user_data['username']) === false) {
        session_destroy();
        header ('location: sign_in.php?failed_user_active');
        exit();
    }   
}



$errors = array();

?>

login.php

<?php

// starts the session and checks for logged in
include 'core/init.php';
logged_in_redirect();


// Form rules
if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) || empty($password)) {
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username) === false) {
        $errors[] = 'We cant find that username, have you regitered?';  
    } else if (user_active($username) == false) {
        $errors[] = 'You havent activated your account';
    } else {

        if (strlen($password) > 32) {
            $errors[] = 'Password too long';
        }

        $login = login($username, $password);
        if ($login === false) {
            $errors[] = 'This username and password is incorrect';
        } else {
            $_SESSION['user_id'] = $login;
            header('Location: main.php');
            exit();
            // set the user session
            // redirect the user HOME

        }

    }



} else {

    $errors[] = 'No data received';
}
if(empty($errors) == false){


?>


<h2> we tried to log you in but...</h2>

<?php

 echo output_errors($errors);
}
?>

DB:

Columns: user_id, name, username, email, password, active

Row: 1, alex, 3@gmail.com, 5f4dcc3b5aa765d61d8327deb882cf99, 1

Row: 15, ana, 6@gmail.com, 5f4dcc3b5aa765d61d8327deb882cf99, 1

0 answers:

No answers
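
An added example (not the asker's code and not from the tutorial they followed): the login path from the question rewritten with a bound query parameter, `password_hash()`/`password_verify()` in place of unsalted `md5()` (which is why both rows in the question's table carry the same hash), and a session ID regenerated at login. Table and column names follow the question; the in-memory SQLite database, the sample password and the helper name `start_user_session()` are assumptions made for illustration.

```php
<?php
// Added example. Schema names follow the question; the SQLite in-memory
// database and the two accounts below are constructed sample data.

function login(PDO $db, string $username, string $password) {
    // The username travels as a bound parameter, so no sanitize() call is
    // needed and quotes in the input stay data.
    $stmt = $db->prepare(
        'SELECT user_id, password FROM users WHERE username = ? AND active = 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() recomputes the salted hash and compares in constant time.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return (int)$row['user_id'];
}

// Hypothetical helper: call it from login.php after session_start().
function start_user_session(int $user_id): void {
    // Issue a fresh session ID at the moment of authentication so an ID
    // handed out before login is no longer valid afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user_id;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
           username TEXT UNIQUE, password TEXT, active INTEGER)');
$add = $db->prepare(
    'INSERT INTO users (user_id, username, password, active) VALUES (?, ?, ?, 1)');
foreach ([[1, 'alex'], [15, 'ana']] as [$id, $name]) {
    // Both constructed users get the same password, as in the question's table.
    $add->execute([$id, $name, password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
}

// Two users with one password: compare the stored hashes.
$hashes = $db->query('SELECT password FROM users ORDER BY user_id')
             ->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] === $hashes[1]);

var_dump(login($db, 'alex', 'constructed-sample-pw')); // first account
var_dump(login($db, 'ana', 'constructed-sample-pw'));  // second account
var_dump(login($db, "an'a", 'constructed-sample-pw')); // quote handled as data
var_dump(login($db, 'ana', 'wrong-password'));         // rejected
```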