我想在他们登录后显示在线用户

Question

I would like to display: Logged in as: _ __ _ ___

The code so far:

The login check,

<?php
include('config.php');

// username and password sent from form 
$myemail=$_POST['myemail']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myemail = stripslashes($myemail);
$mypassword = stripslashes($mypassword);
$myemail = mysql_real_escape_string($myemail);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$myemail' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1){
session_start(); 
$_SESSION['myemail'] = $myemail; 
header("Location: http://www.jblanksby.yourwebsolution.net/login_success.php?            user=$myemail"); } 
else 
{ header("Location: http://www.jblanksby.yourwebsolution.net/loginerror.php"); 
} 
?>

The login success page/first members page,

<? 
$email = $_GET['myemail']; 
session_start(); 
$_SESSION['myemail'] = $email;  

if(isset($_SESSION['email'])){ 
} else { 
echo " 
<script language='javascript'> 
alert('Sorry, but you must login to view the members area!') 
</script> 
<script> 
window.location='http://jblanksby.yourwebsolution.net/sign_in.php' 
</script> 
"; } 
?>

<html>
blah blah blah
</html>

The code used to display the users email,

Logged in as: <? echo "$email"; ?>

The log in side of things is perfect. Just displaying the users email is proving difficult. What have I done wrong/missed out?

Answer 1

Since you are trying to display values out from the session, you have to use $_SESSION['email'] .

session_start(); // Or, if you have done it ahead, then omit this
echo "Logged in as:".$_SESSION['email'];

Answer 2

Use Starx suggestion on the $_SESSION but you need to move your session_start as the first line of PHP on the page, above $email = $_GET['myemail']; (or $email = $_SESSION['email'] )

<?php
session_start();
$email = $_SESSION['email'];
?>

ADDED

To use the session variable, declare it like so (assuming you are using a method=post on form submittal):

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

This of course isn't safe for user input, it's presumed that you are sanatizing the user input prior to passing it from page to page and injecting it into your queries, this is just a simple example.

Answer 3

Login Script:

$username = $_POST['username'];
$password = $_POST['password'];
$password = sha1($password);

if ($username&&$password) {
        require_once('../db/nstDBconnector.php');
        $qr = "SELECT * FROM `users` WHERE `username` = '$username'";
        $query = mysql_query($qr);
        $numrows = mysql_num_rows($query);

        if ($numrows!=0) {
            // check password against the password in the database
            while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
                $storedUsername = $row['username'];
                $storedPassword = $row['password'];
                $storedUserType = $row['user_type'];
                $storedUserFName = $row['full_name'];
                $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
            }
            // check to see if username and password match
            if ($username==$storedUsername&&$password==$storedPassword) {
                ob_start();
                session_start();
                $_SESSION['username'] = $storedUsername;
                $_SESSION['user_type'] = $storedUserType;
                $_SESSION['full_name'] = $storedUserFName;
                header ('Location: main.php?login=successful');
            } else {
                header ('Location: index.php?error=incorrectPassword');
            }
        } else {
            header ('Location: index.php?error=noUser');
        }
    } else {
        header ('Location: index.php?error=missingUserAndPass');

    }

The page you are taking them to after login:

if ($_SESSION['username']) {
    $userLogged = $_SESSION['username'];
    $userType = $_SESSION['user_type'];
    $userFName = $_SESSION['full_name'];
} else {
    header ('Location: http://www.yourdomain.com/index.php?error=notLoggedIn');
}

Where you want to show user name on the page:

Logged in as <?php echo $userFName; ?>.

or

echo "Logged in as ", $userFName, ".";