我在谷歌找到了一个登录/注册表单教程。问题是我无法理解如何使用会话,尤其是如何使用已登录用户的ID。所以这是登录表单。
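<form id="login-form" action="login.php" method="post" role="form" style="display: block;">
    <div class="form-group">
        <?php
        // Re-populate the username after a failed attempt. The value comes straight
        // from the request, so it is HTML-escaped before being written into the
        // attribute; echoing it raw lets a crafted value break out of value="...".
        // Only string input is echoed, so an array-valued field is ignored.
        $prefillUsername = '';
        if (isset($error) && isset($_POST['username']) && is_string($_POST['username'])) {
            $prefillUsername = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
        }
        ?>
        <input type="text" name="username" id="username" class="form-control input-lg" placeholder="Потребителско име" value="<?php echo $prefillUsername; ?>" tabindex="1">
    </div>
    <div class="form-group">
        <input type="password" name="password" id="password" class="form-control input-lg" placeholder="Парола" tabindex="3">
    </div>
    <div class="row">
        <div class="col-xs-6 col-md-6"><input type="submit" name="submit" value="Log" class="btn btn-primary btn-block btn-lg" tabindex="5">
        </div>
    </div>
</form>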
这是 login.php
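// Already authenticated: redirect and stop. header() only queues the redirect;
// without exit the rest of this script would still run for the request.
if ($user->is_logged_in()) {
    header('Location: userAction.php');
    exit;
}

// Process the login form if it was submitted.
if (isset($_POST['submit'])) {
    // Accept string values only; a missing or array-valued field becomes ''.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // User::login() takes the username and password only; the earlier call also
    // passed $id, which is never defined in this script.
    if ($user->login($username, $password)) {
        $_SESSION['username'] = $username;
        header('Location: index.php');
        exit;
    }

    // Failed attempt: store the message first, then redirect and end the script
    // so nothing below runs for an unauthenticated request.
    $_SESSION['errMsg'] = 'Wrong username/password';
    header('Location: userAction.php');
    exit;
}
这是用户类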
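/**
 * Session-backed login/logout built on the Password helper this class extends.
 */
class User extends Password
{
    /** Database handle given to the constructor; used via prepare()/execute(). */
    private $_db;

    /**
     * @param mixed $pdo Database connection used for the user lookups below.
     */
    function __construct($pdo)
    {
        parent::__construct();
        $this->_db = $pdo;
    }

    /**
     * Fetch the stored password hash of an active user.
     *
     * @param string $username Username to look up (bound as a query parameter).
     * @return string|null The hash, or null when no active user matches or the query fails.
     */
    private function get_user_hash($username)
    {
        try {
            $stmt = $this->_db->prepare('SELECT password FROM users WHERE username = :username AND active="Yes" ');
            $stmt->execute(array('username' => $username));
            $row = $stmt->fetch();

            // fetch() yields false when nothing matches; never index into that.
            if (!is_array($row) || !isset($row['password'])) {
                return null;
            }

            return $row['password'];
        } catch (PDOException $e) {
            // Database error text stays in the server log instead of being
            // echoed into the page, where it would expose query/schema details.
            error_log('User::get_user_hash failed: ' . $e->getMessage());
            return null;
        }
    }

    /**
     * Verify the credentials and mark the current session as logged in.
     *
     * @param string $username
     * @param string $password Plain-text password from the login form.
     * @return bool True on success, false for unknown users or a wrong password.
     */
    public function login($username, $password)
    {
        $hashed = $this->get_user_hash($username);

        // No usable hash means no such active user (or a failed lookup): reject.
        if (!is_string($hashed) || $hashed === '') {
            return false;
        }

        if ($this->password_verify($password, $hashed) == 1) {
            // Issue a fresh session ID at the moment of authentication so an ID
            // that was known before login cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['loggedin'] = true;
            return true;
        }

        return false;
    }

    /**
     * End the current session.
     */
    public function logout()
    {
        // session_destroy() removes the stored session data but leaves the
        // $_SESSION array populated for the rest of the request, so clear it too.
        $_SESSION = array();
        if (session_id() !== '') {
            session_destroy();
        }
    }

    /**
     * @return bool Whether the current session carries the logged-in flag.
     */
    public function is_logged_in()
    {
        return isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true;
    }
}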
所以一切正常。我可以注册并登录,没有任何问题。我也可以随时读取 $_SESSION['username'],但我还希望能通过 $_SESSION['userid'] 取得用户 ID。
这可能是一件很简单的事,但我不清楚应该把什么代码放在哪里。
编辑:
这是它们现在的样子。user.php:
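/**
 * Fetch the id and email columns of the user with the given username.
 *
 * Call this only after the password check has succeeded: the query itself
 * does no authentication.
 *
 * @param string $username Username to look up (bound as a query parameter).
 * @return array|false The single matching row, or false when there is no match
 *                     or the query fails.
 */
public function login_user_id($username)
{
    try {
        $stmt = $this->_db->prepare('SELECT id,email FROM users WHERE username = :username');
        $stmt->execute(array('username' => $username));

        // One row at most is needed; fetch() returns false when nothing matches.
        return $stmt->fetch();
    } catch (PDOException $e) {
        // Log the database error server-side rather than echoing it into the
        // response, where it would expose query/schema details.
        error_log('User::login_user_id failed: ' . $e->getMessage());
        return false;
    }
}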
这是login.php
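if ($user->login($username, $password)) {
    // login_user_id() returns a single row (or a falsy value when the lookup
    // fails), so read its columns directly; looping over it with foreach would
    // walk the column values, not rows.
    $data = $user->login_user_id($username);

    if (is_array($data)) {
        // Copy FROM the row INTO the session. The earlier version had the
        // assignments reversed and overwrote the row with unset session values.
        $_SESSION['id'] = $data['id'];
        $_SESSION['email'] = $data['email'];
    }

    $_SESSION['username'] = $username;
    header('Location: index.php');
    exit;
}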
答案 0 :(得分:1)
密码验证通过后,您需要获取已登录用户的 ID
// Only a successful password check reaches this branch.
if ($user->login($username, $password)) {
    // Keep the identity of the authenticated user in the session:
    // the ID looked up by username, then the username itself.
    $_SESSION['user_id'] = $user->login_user_id($username);
    $_SESSION['username'] = $username;

    // Redirect to the landing page and end the request.
    header('Location: index.php');
    exit;
}
根据数据库中的用户名获取user_id
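/**
 * Look up the user_id column for the given username.
 *
 * Call this only after the password check has succeeded: the query itself
 * does no authentication.
 *
 * @param string $username Username to look up (bound as a query parameter).
 * @return mixed The user_id value, or null when no row matches or the query fails.
 */
function login_user_id($username)
{
    try {
        $stmt = $this->_db->prepare('SELECT user_id FROM users WHERE username = :username');
        $stmt->execute(array('username' => $username));
        $row = $stmt->fetch();

        // fetch() yields false when nothing matches; never index into that.
        if (!is_array($row) || !isset($row['user_id'])) {
            return null;
        }

        return $row['user_id'];
    } catch (PDOException $e) {
        // Log the database error server-side rather than echoing it into the
        // response, where it would expose query/schema details.
        error_log('login_user_id failed: ' . $e->getMessage());
        return null;
    }
}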
答案 1 :(得分:1)
你需要修改两个函数
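/**
 * Fetch the password hash and id of an active user.
 *
 * @param string $username Username to look up (bound as a query parameter).
 * @return array|false Row with the password and id columns, or false when no
 *                     active user matches or the query fails.
 */
private function get_user_hash($username)
{
    try {
        $stmt = $this->_db->prepare('SELECT password,id FROM users WHERE username = :username AND active="Yes" ');
        $stmt->execute(array('username' => $username));

        // fetch() returns false when nothing matches; callers must check for it.
        return $stmt->fetch();
    } catch (PDOException $e) {
        // Log the database error server-side rather than echoing it into the
        // response, where it would expose query/schema details.
        error_log('User::get_user_hash failed: ' . $e->getMessage());
        return false;
    }
}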
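/**
 * Verify the credentials, then mark the session as logged in and record the user id.
 *
 * @param string $username
 * @param string $password Plain-text password from the login form.
 * @return bool True on success, false for unknown users or a wrong password.
 */
public function login($username, $password)
{
    $hashed = $this->get_user_hash($username);

    // get_user_hash() gives no row for an unknown or inactive user; reject
    // before indexing into the result.
    if (!is_array($hashed) || !isset($hashed['password'], $hashed['id'])) {
        return false;
    }

    if ($this->password_verify($password, $hashed['password']) == 1) {
        // Issue a fresh session ID at the moment of authentication so an ID
        // that was known before login cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['loggedin'] = true;
        $_SESSION['userid'] = $hashed['id'];
        return true;
    }

    return false;
}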