在会话的每个页面上回显用户名的最佳方法？

Question

我已经弄清楚了如何制作有效的注册表格和登录表格。 我也有一个测验，可以在用户登录时将分数发布到数据库。现在，我试图弄清楚如何捕获已登录用户的用户名，并使该用户名在我网站的其他页面上可用。

从讨论中判断@ 我如何使用PHP在个人资料页面中回显用户名？ 看来我应该在每个部分的第一页中编写一个简单的数据库查询。 但是，有没有更有效的方法？

为了说明这一点，我的注册和登录表单位于mysite / admin，而我的测试位于mysite / test。

这是我的登录页面中的代码：

<?php if( !isset( $_SESSION['user_id'] ) ): ?>
<h2>Login Here</h2>
<form action="/admin/login/login-submit.php" method="post">
<fieldset>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20" />
<br>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20" />
<br>
<input type="submit" value="→ Login" />
</fieldset>
</form>

这是login-submit.php中的代码：

if(isset( $_SESSION['user_id'] ))
{
 $message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username']))
{
 $message = 'Please enter a valid username and password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
 /*** if there is no match ***/
 $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
    /*** if there is no match ***/
    $message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into    database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

/*** now we can encrypt the password ***/
$password = sha1( $password );
// $phpro_password = sha1( $phpro_password );

// DATABASE CONNECTION

try
{
    $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname",   $mysql_username, $mysql_password);
    /*** $message = a message saying we have connected ***/

    /*** set the error mode to excptions ***/
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    /*** prepare the select statement ***/
    $stmt = $dbh->prepare("SELECT user_id, username, password FROM     g1_members 
                WHERE username = :username AND password = :password");
    /*** bind the parameters ***/
    $stmt->bindParam(':username', $username, PDO::PARAM_STR);
    $stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);

    /*** execute the prepared statement ***/
    $stmt->execute();

    /*** check for a result ***/
    $user_id = $stmt->fetchColumn();

    /*** if we have no result then fail boat ***/
    if($user_id == false)
    {
            $message = 'Login Failed';
    }
    /*** if we do have a result, all is well ***/
    else
    {
            /*** set the session user_id variable ***/
            $_SESSION['user_id'] = $user_id;

            /*** tell the user we are logged in ***/
            $message = 'You are now logged in';
    }


}
catch(Exception $e)
{
    /*** if we are here, something has gone wrong with the database     ***/
    $message = 'We are unable to process your request. Please try again  later.';
 }
}

我添加了这个简单的查询，该查询在$ Username中捕获了用户的用户名：

$stm = $pdo->prepare("SELECT username
 FROM g1_members
 WHERE user_id = :user_id");
 $stm->execute(array(
 'user_id'=>$user_id
));

 while ($row = $stm->fetch())
{
 $Username = $row['username'];
}

因此，是否需要在每个部分（例如，mysite / topics，mysite / people等）中添加相同的查询？还是有更好的方法呢？

Answer 1

运行此代码时：

 $_SESSION['user_id'] = $user_id;

您可以将用户名添加为其他会话变量，例如：

 $_SESSION['username'] = $username;

这已在您的代码中设置。