[英]Best way to echo a username on every page with sessions?
我已经弄清楚了如何制作有效的注册表格和登录表格。 我也有一个测验,可以在用户登录时将分数发布到数据库。现在,我试图弄清楚如何捕获已登录用户的用户名,并使该用户名在我网站的其他页面上可用。
从讨论中判断@ 我如何使用PHP在个人资料页面中回显用户名? 看来我应该在每个部分的第一页中编写一个简单的数据库查询。 但是,有没有更有效的方法?
为了说明这一点,我的注册和登录表单位于mysite / admin,而我的测试位于mysite / test。
这是我的登录页面中的代码:
<?php if( !isset( $_SESSION['user_id'] ) ): ?>
<h2>Login Here</h2>
<form action="/admin/login/login-submit.php" method="post">
<fieldset>
<label for="username">Username</label>
<input type="text" id="username" name="username" value="" maxlength="20" />
<br>
<label for="password">Password</label>
<input type="text" id="password" name="password" value="" maxlength="20" />
<br>
<input type="submit" value="→ Login" />
</fieldset>
</form>
这是login-submit.php中的代码:
if(isset( $_SESSION['user_id'] ))
{
$message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['username']))
{
$message = 'Please enter a valid username and password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$message = "Password must be alpha numeric";
}
else
{
/*** if we are here the data is valid and we can insert it into database ***/
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
/*** now we can encrypt the password ***/
$password = sha1( $password );
// $phpro_password = sha1( $phpro_password );
// DATABASE CONNECTION
try
{
$dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
/*** $message = a message saying we have connected ***/
/*** set the error mode to excptions ***/
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
/*** prepare the select statement ***/
$stmt = $dbh->prepare("SELECT user_id, username, password FROM g1_members
WHERE username = :username AND password = :password");
/*** bind the parameters ***/
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR, 40);
/*** execute the prepared statement ***/
$stmt->execute();
/*** check for a result ***/
$user_id = $stmt->fetchColumn();
/*** if we have no result then fail boat ***/
if($user_id == false)
{
$message = 'Login Failed';
}
/*** if we do have a result, all is well ***/
else
{
/*** set the session user_id variable ***/
$_SESSION['user_id'] = $user_id;
/*** tell the user we are logged in ***/
$message = 'You are now logged in';
}
}
catch(Exception $e)
{
/*** if we are here, something has gone wrong with the database ***/
$message = 'We are unable to process your request. Please try again later.';
}
}
我添加了这个简单的查询,该查询在$ Username中捕获了用户的用户名:
$stm = $pdo->prepare("SELECT username
FROM g1_members
WHERE user_id = :user_id");
$stm->execute(array(
'user_id'=>$user_id
));
while ($row = $stm->fetch())
{
$Username = $row['username'];
}
因此,是否需要在每个部分(例如,mysite / topics,mysite / people等)中添加相同的查询?还是有更好的方法呢?
运行此代码时:
$_SESSION['user_id'] = $user_id;
您可以将用户名添加为其他会话变量,例如:
$_SESSION['username'] = $username;
这已在您的代码中设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.