
PHP/Mysql Login System

At the moment, I'm taking POST information from a form and passing it to a login.php page, which runs it through this function:

function verify_Username_and_Pass($un, $pwd) {

    $query = "SELECT *
            FROM users
            WHERE username = ? AND password = ?
            LIMIT 1";

    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();

        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
        $stmt->close();
    }

    // no matching row, or the statement could not be prepared
    return false;
}

At the moment, the only thing this checks for is whether a matching record exists, which in turn redirects the user to secret.php with this:

function validate_user($un, $pwd) {
    $mysql = new Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        header("location: ../secret.php");
        exit; // stop the script once the redirect is sent
    } else {
        header("location: ../index.php");
        exit;
    }

}

But what I need to do is, instead of one secret page, have a PHP page for each user in the DB (there's only going to be a couple), so I need the function to return the name of the username if successful, redirect them to [username].php, and also set a session with the username in it, so on the secret pages I can check whether the right user is coming to the right page. Does that make sense?

Or, don't pass the username as get parameter, but save the username in the session:

if($ensure_credentials) {
    $_SESSION['status'] = 'authorized';
    $_SESSION['username'] = $un;
    header("location: ../secret.php");
    exit; // stop the script once the redirect is sent
}

and in secret.php :

if ($_SESSION['username'] == 'Jack') {
    echo 'Hey Jack!';
}
elseif ($_SESSION['username'] == 'Jill') {
    echo 'Hello Jill!';
}
else {
    // die / send 404
}

or match username against database for custom page content.

I won't discuss whether this is a right and clear implementation or not. I'll just try to "fix" your code:

function validate_user($un, $pwd) {
    $mysql = new Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../{$un}.php");
        exit; // stop the script once the redirect is sent
    } else {
        header("location: ../index.php");
        exit;
    }

}

In <username>.php you can check whether $_SESSION['username'] is equal to the file name minus the .php extension.

But! Maybe there is a better implementation... For instance, instead of having N PHP files (one per user) you can have just one PHP file that will load the right data based on the $_SESSION['username'] value.

UPDATED: At the head of <username>.php

<?php
session_start();
// Compare the session username with this file's name minus the .php extension.
// __FILE__ is an absolute path, so a regex anchored with ^ on it never matches.
if ($_SESSION['status'] == 'authorized'
    && basename(__FILE__, '.php') === $_SESSION['username']) {
  echo "OK";
} else {
  header("location: ../index.php");
  exit;
}
?>

function validate_user($un, $pwd) {
    $mysql = new Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../secret.php");
        exit; // stop the script once the redirect is sent
    } else {
        header("location: ../index.php");
        exit;
    }

}

secret.php

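<?php
session_start(); //important;

if($_SESSION['status'] != 'authorized') {
    header("Location: ../index.php");  // not logged in
    exit;  // without this the rest of the page still runs for unauthenticated visitors
}

/* user specific stuff.. */
echo '<h1>' . htmlspecialchars($_SESSION['username']) . '</h1>';

// use a placeholder and bind $_SESSION['username'] with bind_param(), as in verify_Username_and_Pass
$query = 'SELECT * FROM `user_profile` WHERE `username` = ?';
//etc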

Edit: if you're insisting on having specific pages, have something like this:

inside ross.php

<?php
session_start();
if($_SESSION['username'] != 'Ross') { die('you shouldn\'t be here..'); }

// ok it's Ross, carry on
?>

probably all better done using DB + sessions

You could have a page called member.php and pass the username as a parameter.

for instance member.php?username=benhowdle89 .

Would this suffice? What is on the 'secret' page?

If you really need a separate page for each then you could do:

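// only build a file name from a validated username, never from raw request input
if(!preg_match('/^[A-Za-z0-9_]+$/', $username)){
    exit;
}

if(!is_file($username.'.php')){
    $user_file = fopen($username.'.php', 'w');
    fwrite($user_file, '<p>User content</p>');
    fclose($user_file);
}

header('Location:'.$username.'.php', true, 302);
exit;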

It still doesn't seem like the best solution to the problem. I'd personally just save the user id/name to a session like:

session_start();
$_SESSION['user_id'] = 23;

And then I could build the content for each user page dynamically, based on that value.

Redirect them with header to secret.php?user=$un

It does make sense and it is doable, although I do not see why you would want to do something complicated like that. First of all, you need to return the data from your query instead of true. I do not know what library you are using, although that $stmt->fetch() stuff should return an array, an object, or an array of objects, so do something like this: $data = $stmt->fetch(); return $data; and put a print_r($data) to see what is inside. Afterwards, use the thing with member.php from the answer above.
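
An added example, not part of the question or any answer above: one way to have the verify function return the username from the database row, store it in the session, and check on each page that the right user is viewing it. It assumes PDO with an in-memory SQLite table standing in for the MySQL `users` table, a hypothetical `password_hash` column checked with password_verify() instead of a plaintext comparison, and a plain array standing in for `$_SESSION` so it runs from the command line.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the MySQL `users` table (in-memory SQLite; assumption).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
    $ins->execute(['Ross', password_hash('constructed-pass-1', PASSWORD_DEFAULT)]);
    $ins->execute(['Jill', password_hash('constructed-pass-2', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the username exactly as stored in the DB row, or null on any failure.
function verify_username_and_pass(PDO $db, string $un, string $pwd): ?string
{
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$un]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Fills the session and returns the redirect target. In a real request the caller
// runs session_regenerate_id(true), sends header('Location: ...') and then exits.
function validate_user(PDO $db, array &$session, string $un, string $pwd): string
{
    $name = verify_username_and_pass($db, $un, $pwd);
    if ($name === null) {
        return '../index.php';
    }
    $session = ['status' => 'authorized', 'username' => $name];
    return '../member.php';
}

// Guard for the top of a protected page: true only for the page's owner.
function may_view(array $session, string $pageOwner): bool
{
    return ($session['status'] ?? '') === 'authorized'
        && ($session['username'] ?? '') === $pageOwner;
}

$db = demo_db();
$session = []; // stands in for $_SESSION
var_dump(validate_user($db, $session, 'Ross', 'wrong'), may_view($session, 'Ross'));
var_dump(validate_user($db, $session, 'Ross', 'constructed-pass-1'), may_view($session, 'Ross'), may_view($session, 'Jill'));
```

Because the page owner is compared against the session value set at login, a request parameter such as member.php?username=... is never trusted to decide whose content is shown.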
