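How to automatically log a user in after registration

Time: 2017-09-17 21:32:32

Tags: php mysql mysqli

I am new to PHP. I want to add an auto-login section to my website, so that users are automatically logged in after creating an account on my site. Can someone tell me how to automatically log a user in after registration? I'm not sure where I should start. I appreciate all the help you can give me. Thanks so much! :)

This is my register.php script: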

<?php
 ob_start();
 session_start();
 if( isset($_SESSION['user'])!="" ){
  header("Location: /");
 }
 include_once 'dbconnect.php';

 $error = false;

 if ( isset($_POST['btn-signup']) ) {

  $name = trim($_POST['name']);
  $name = strip_tags($name);
  $name = htmlspecialchars($name);

  $email = trim($_POST['email']);
  $email = strip_tags($email);
  $email = htmlspecialchars($email);

  $pass = trim($_POST['pass']);
  $pass = strip_tags($pass);
  $pass = htmlspecialchars($pass);

  $company = trim($_POST['company']);
  $company = strip_tags($company);
  $company = htmlspecialchars($company);

  if (empty($name)) {
   $error = true;
   $nameError = "Please enter your full name.";
  } else if (strlen($name) < 3) {
   $error = true;
   $nameError = "Name must have at least 3 characters.";
  } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
   $error = true;
   $nameError = "Name must contain alphabets and space.";
  }

  if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
   $error = true;
   $emailError = "Please enter valid email address.";
  } else {
   $query = "SELECT userEmail FROM users WHERE userEmail='$email'";
   $result = mysqli_query($conn,$query);
   $count = mysqli_num_rows($result);
   if($count!=0){
    $error = true;
    $emailError = "Provided Email is already in use.";
   }
  }
  if (empty($pass)){
   $error = true;
   $passError = "Please enter password.";
  } else if(strlen($pass) < 6) {
   $error = true;
   $passError = "Password must have at least 6 characters.";
  }

  $password = hash('sha256', $pass);

  if( !$error ) {

   $query = "INSERT INTO users(userName,userEmail,userPass,userCompany) VALUES('$name','$email','$password','$company')";
   $res = mysqli_query($conn,$query);

   if ($res) {
    $errTyp = "success";
    $errMSG = "Successfully registered, you may login now";
    unset($name);
    unset($email);
    unset($pass);
    unset($company);
   } else {
    $errTyp = "danger";
    $errMSG = "Something went wrong, try again later..."; 
   } 

  }


 }

 //include your login validation
if(empty($errors)){
   //User->login(); or anything you use for validating logins
}

?>
<!DOCTYPE html>
<html>

<head>
    <meta charset="UTF-8">
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
    <title>Register | Hexa</title>
    <link rel="icon" href="https://app.myhexa.co/favicon.ico" type="image/x-icon">
    <link href="https://fonts.googleapis.com/css?family=Roboto:400,700&subset=latin,cyrillic-ext" rel="stylesheet" type="text/css">
    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" type="text/css">
    <link href="plugins/bootstrap/css/bootstrap.css" rel="stylesheet">
    <link href="plugins/node-waves/waves.css" rel="stylesheet" />
    <link href="plugins/animate-css/animate.css" rel="stylesheet" />
    <link href="css/login.css" rel="stylesheet">
</head>

<body class="signup-page bg-blue-grey">
    <div class="signup-box">
        <div class="logo">
            <center><img src="img/logo.png" height="50" width="155"></center>
        </div>
        <div class="card">
            <div class="body"> 
                <form id="sign_up" method="POST">
                <div class="msg"><h3 class="col-blue-grey">CREATE ACCOUNT</h3></div><br>

                                <?php
   if ( isset($errMSG) ) {

    ?>
    <span class="fa fa-exclamation-triangle"></span> <?php echo $errMSG; ?>
                </div>
             </div>
                <?php
   }
   ?>



                    <div class="input-group">

                        <span class="input-group-addon">

                            <i class="material-icons">person</i>
                        </span>
                        <div class="form-line">
                            <input type="text" name="name" class="form-control"  placeholder="Name" maxlength="50" value="<?php echo $name ?>" />
                        </div>
                    </div>
                                                                   <span class="text-danger"><?php echo $nameError; ?></span><br>

                    <div class="input-group">

                        <span class="input-group-addon">
                            <i class="material-icons">email</i>
                        </span>
                        <div class="form-line">
                            <input type="email" name="email" class="form-control"  placeholder="Email Address" maxlength="40" value="<?php echo $email ?>" />
                        </div>
                    </div>
                                                                   <span class="text-danger"><?php echo $emailError; ?></span><br>

                        <div class="input-group">
                        <span class="input-group-addon">
                            <i class="material-icons">people</i>
                        </span>
                        <div class="form-line">
                            <input type="text" name="company" class="form-control"  placeholder="Company" value="<?php echo $company ?>" />
                        </div>
                    </div><br>
                    <div class="input-group">
                        <span class="input-group-addon">
                            <i class="material-icons">lock</i>
                        </span>
                        <div class="form-line">
                            <input type="password" name="password" class="form-control" placeholder="Password"  maxlength="15" id="password" required>
                        </div>
                    </div>
                                                                   <span class="text-danger"><?php echo $passError; ?></span><br>

                    <div class="input-group">
                        <span class="input-group-addon">
                            <i class="material-icons">lock</i>
                        </span>
                        <div class="form-line">
        <input type="password" name="pass" class="form-control" placeholder="Confirm Password" maxlength="15" id="confirm_password" required>
                        </div>
                    </div>
                    <div class="form-group">
                        <input type="checkbox" name="terms" id="terms" class="filled-in chk-col-deep-orange">
                        <label for="terms">I read and agree to the <a href="javascript:void(0);">terms of usage</a>.</label>
                    </div>

                    <button type="submit" class="btn btn-block btn-lg bg-deep-orange waves-effect" name="btn-signup">REGISTER</button>

                    <div class="m-t-25 m-b--5 align-center">
                        <a href="login">Have An Account?</a>
                    </div>
                </form>
            </div>
        </div>
    </div>
    <script src="plugins/jquery/jquery.min.js"></script>
    <script src="plugins/bootstrap/js/bootstrap.js"></script>
    <script src="plugins/node-waves/waves.js"></script>
    <script src="plugins/jquery-validation/jquery.validate.js"></script>
    <script src="plugins/js/admin.js"></script>
    <script>var password = document.getElementById("password")
  , confirm_password = document.getElementById("confirm_password");

function validatePassword(){
  if(password.value != confirm_password.value) {
    confirm_password.setCustomValidity("Passwords Don't Match");
  } else {
    confirm_password.setCustomValidity('');
  }
}

password.onchange = validatePassword;
confirm_password.onkeyup = validatePassword;
</script>
</body>

</html>

<?php ob_end_flush(); ?> 

1 Answer:

Answer 0: (score: 0)

In the JSFiddle linked in the comments, you set the session after a successful login with

$_SESSION['user'] = $row['userId'];

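This means that you need to set the $_SESSION['user'] session to the last inserted ID after the registration is complete, in order to achieve what you want. You can use the mysqli_insert_id() function to get the last inserted ID. That would look like this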

if ($res) {
    $errTyp = "success";
    $errMSG = "Successfully registered, you may login now";
    $_SESSION['user'] = mysqli_insert_id($conn); // Sets the session and logs the user in instantly
}

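Additional info

  • You are already using an API that supports prepared statements with bounded variable input; you should utilize parameterized queries with placeholders (prepared statements) to protect your database against SQL-injection! Get started with mysqli::prepare()

  • You should also use the PHP password_* functions to hash and verify passwords, instead of using sha512.

  • Additionally, you have if( isset($_SESSION['user'])!="" ){ - which compares a boolean against an empty string. It should be if (isset($_SESSION['user'])) {

  • You should also add exit; after every header("Location: .."); call, to prevent the script from executing any further.

  • Finally, functions like htmlspecialchars() are intended for output, not input. These have nothing to do with "escaping" or sanitizing data, but are used to ensure the HTML is valid when outputting data from the database (and in turn, preventing XSS attacks). Passwords should not be changed at all - just hash them - as the hash may differ if other functions are used before/after hashing.

  • strip_tags() may be suitable for other variables, but I do not believe it fits here (that depends; you should understand what the function does, read the manual on strip_tags()).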
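
The registration-then-login flow with the answer's points applied, as an added example that is not part of the original answer or the asker's script. It assumes dbconnect.php provides the mysqli connection $conn and the users table from the question, and that userPass is wide enough for password_hash() output (VARCHAR(255) is a safe choice); registerUser() is a hypothetical helper name.

```php
<?php
// Added example; registerUser() is a hypothetical helper, $conn and the
// users table are assumed to be those of the question's register.php.
session_start();
require_once 'dbconnect.php';

if (isset($_SESSION['user'])) {
    header('Location: /');
    exit;                                   // stop the script after redirecting
}

// Returns the new user id, or null if the e-mail is taken or the insert fails.
function registerUser(mysqli $conn, string $name, string $email, string $pass, string $company): ?int
{
    $check = $conn->prepare('SELECT 1 FROM users WHERE userEmail = ?');
    $check->bind_param('s', $email);        // value is bound, never concatenated
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        return null;
    }
    // Hash the raw password; do not trim/strip/escape it first.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $ins = $conn->prepare(
        'INSERT INTO users (userName, userEmail, userPass, userCompany) VALUES (?, ?, ?, ?)'
    );
    $ins->bind_param('ssss', $name, $email, $hash, $company);
    if (!$ins->execute()) {
        return null;
    }
    return (int) $conn->insert_id;          // same value mysqli_insert_id($conn) returns
}

if (isset($_POST['btn-signup'])) {
    $name    = trim($_POST['name'] ?? '');
    $email   = trim($_POST['email'] ?? '');
    $company = trim($_POST['company'] ?? '');
    $pass    = $_POST['pass'] ?? '';        // left untouched before hashing
    if ($name !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) && strlen($pass) >= 6) {
        $userId = registerUser($conn, $name, $email, $pass, $company);
        if ($userId !== null) {
            session_regenerate_id(true);    // fresh session id when the user becomes authenticated
            $_SESSION['user'] = $userId;    // auto-login, as the answer describes
            header('Location: /');
            exit;
        }
    }
    $errMSG = 'Registration failed, please check your input.';
}
```

The matching login script then has to check passwords with password_verify() instead of comparing SHA-256 hashes, and values echoed back into the form should pass through htmlspecialchars() at output time.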
