[英]Grabing the username in a php login session
I been doing alot of research with php logins and how they work for a while.一段时间以来,我一直在对 php 登录以及它们如何工作进行大量研究。 I came across this site a couple of days ago.几天前我偶然发现了这个网站。 http://www.intechgrity.com/create-login-admin-logout-page-in-php-w/#comment-25300 . http://www.intechgrity.com/create-login-admin-logout-page-in-php-w/#comment-25300 。 Looking at it I notice that it was using session_register
which is a huge problem in PHP 5.3.看着它,我注意到它正在使用session_register
,这是 PHP 5.3 中的一个大问题。 I begin playing around with it and I got the login part to work with no problem, but for some reason I can't get the username to show in the header of the admin page.我开始玩它,我的登录部分没有问题,但由于某种原因,我无法在管理页面的 header 中显示用户名。 What I want is: <h1>Welcome To Admin Page Username</h1>
and it gives me <h1>Welcome To Admin Page</h1>
.我想要的是: <h1>Welcome To Admin Page Username</h1>
它给了我<h1>Welcome To Admin Page</h1>
。 I was wondering if it's because I have 2 sessions using the same var?我想知道是不是因为我有 2 个会话使用相同的 var?
My changes from the tutorial:我对教程的更改:
check_login.php - check_login.php -
<?php
define(DOC_ROOT,dirname(__FILE__)); // To properly get the config.php file
$username = $_POST['username']; //Set UserName
$password = $_POST['password']; //Set Password
$msg ='';
if(isset($username, $password)) {
ob_start();
include(DOC_ROOT.'/config.php'); //Initiate the MySQL connection
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($username);
$mypassword = stripslashes($password);
$myusername = mysqli_real_escape_string($dbC, $myusername);
$mypassword = mysqli_real_escape_string($dbC, $mypassword);
$sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA('$mypassword')";
$result=mysqli_query($dbC, $sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "admin.php"
$_SESSION["admin"]= $myusername;
$_SESSION["password"]= $mypassword;
$_SESSION["name"]= $myusername;
header("location:admin.php");
}
else {
$msg = "Wrong Username or Password. Please retry";
header("location:login.php?msg=$msg");
}
ob_end_flush();
}
else {
header("location:login.php?msg=Please enter some username and password");
}
?>
admin.php - admin.php -
<?php
session_start(); //Start the session
define(ADMIN,isset($_SESSION["name"])); //Get the user name from the previously registered super global variable
if(isset($_SESSION["admin"])){ //If session not registered
header("location:login.php"); // Redirect to login.php page
}
else //Continue to current page
header( 'Content-Type: text/html; charset=utf-8' );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Welcome To Admin Page Demonstration</title>
</head>
<body>
<h1>Welcome To Admin Page <?php echo ADMIN /*Echo the username */ ?></h1>
<p><a href="logout.php">Logout</a></p> <!-- A link for the logout page -->
<p>Put Admin Contents</p>
</body>
</html>
These are the only 2 pages I did changes.这些是我唯一更改的 2 页。 Thanks for any help.谢谢你的帮助。
UPDATE: I tired the changes from everyone who answer and still got a blank.更新:我厌倦了每个回答但仍然空白的人的变化。 I just going to give up on it.我只是要放弃它。 It puzzles me how it work with the old code but not with the new code.它使我困惑它如何使用旧代码而不是新代码。 Thanks for all the help.感谢所有的帮助。
UPDATE 2: Got it to work thanks to Gumbo suggestion about using var_dump();
更新 2:感谢 Gumbo 关于使用var_dump();
的建议。 . . What I did is I took everything from *check_login.php* and placed it into the admin.php and went from array(0){}
to array(3) { ["username"]=> string(6) "admin" ["admin"]=> string(6) "admin" ["password"]=> string(5) "************" }
.我所做的是我从 *check_login.php* 中取出所有内容并将其放入admin.php并从array(0){}
转到array(3) { ["username"]=> string(6) "admin" ["admin"]=> string(6) "admin" ["password"]=> string(5) "************" }
.
Thanks everyone for all of your help.感谢大家的帮助。
There are two things wrong.有两点不对。 Change all of the old to new .将所有旧的更改为新的。 (Did this way for nicer formatting.) (这样做是为了更好地格式化。)
define(ADMIN,isset($_SESSION["name"])); //old
define(ADMIN,$_SESSION["name"]); //new
$_SESSION["name2"]= $myusername; //old
$_SESSION["name"]= $myusername; //new
isset() returns a boolean, not the value. isset()返回 boolean,而不是值。
Edit: As stated by Gumbo, a semi-colon is not needed after the constant ADMIN.编辑:正如 Gumbo 所说,在常量 ADMIN 之后不需要分号。 Therefore, there are only two errors.因此,只有两个错误。
isset
does only return a boolean value depending on whether the given variable exists or not; isset
仅返回 boolean 值,具体取决于给定变量是否存在; but it does not return the variable value if it exists.但如果它存在,它不会返回变量值。
Do this instead:改为这样做:
session_start(); // Start the session
if (!isset($_SESSION["admin"])) { // If session not registered
header("location:login.php"); // Redirect to login.php page
exit; // Stop execution of current script
} else {
header('Content-Type: text/html; charset=utf-8');
define('ADMIN', $_SESSION["name"]); //Get the user name from the previously registered super global variable
}
And note that you've used $_SESSION["name2"]
and not $_SESSION["name"]
in your check_login.php .请注意,您在check_login.php中使用$_SESSION["name2"]
而不是$_SESSION["name"]
。
This should work:这应该有效:
<h1>Welcome To Admin Page <?php echo $_SESSION['admin'] ?></h1>
In check_login.php you are assigning $_SESSION["name2"] but in admin.php you are using $_SESSION["name"].在 check_login.php 中,您正在分配 $_SESSION["name2"],但在 admin.php 中,您使用的是 $_SESSION["name"]。 Besides, as others have already pointed out, you define ADMIN as a bool value rather than the username...此外,正如其他人已经指出的那样,您将 ADMIN 定义为布尔值而不是用户名......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.