我正在尝试获取刚刚登录的用户的UserID并将其存储在$ _SESSION ['UserID']中,但它没有这样做。
不存储它。 Array ( [LoggedIn] => 1 [UserID] => )
// Database Connection File
require("../system/config.php");
$user['username'] = $_POST['username'];
$user['password'] = md5($_POST['password']);
$login_check = $DBH->prepare("SELECT Username, Password FROM Users WHERE Username = ? AND Password = ?");
$login_check->execute(array($user['username'], $user['password']));
if(count($login_check) == 1) {
session_start();
$row = $login_check->fetch();
$_SESSION['LoggedIn'] = 1;
$_SESSION['UserID'] = $row['UserID'];
print_r($_SESSION);
}
else {
echo "You have entered an incorrect Username and Password, please try again.";
}
答案 0 :(得分:3)
修改:您可能正在寻找的答案是您没有在查询中选择UserID。但是你仍然应该看看我在下面写的内容。
您应该使用if ($login_check->rowCount() == 1)代替count()
或者,最好fetch()用户名的密码,并在php中检查它是否正确,因为这样你就可以检测并存储每个用户的错误密码尝试,并可能暂时拒绝访问如果有太多。
$login_check = $DBH->prepare("SELECT UserID, Password FROM Users WHERE Username = ?");
$login_check->execute(array($user['username']));
$row = $login_check->fetch();
if (!empty($row)) {
// user exists
if ($row['Password'] == $user['password']) {
// login success
}
else {
// bad password attempt
}
}
else {
// non-existant user
}