我想在他们登录后显示在线用户

Question

我想显示：登录为： _ __ _ ___

到目前为止的代码：

登录检查，

<?php
include('config.php');

// username and password sent from form 
$myemail=$_POST['myemail']; 
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myemail = stripslashes($myemail);
$mypassword = stripslashes($mypassword);
$myemail = mysql_real_escape_string($myemail);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email='$myemail' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1){
session_start(); 
$_SESSION['myemail'] = $myemail; 
header("Location: http://www.jblanksby.yourwebsolution.net/login_success.php?            user=$myemail"); } 
else 
{ header("Location: http://www.jblanksby.yourwebsolution.net/loginerror.php"); 
} 
?>

登录成功页面/第一个成员页面，

<? 
$email = $_GET['myemail']; 
session_start(); 
$_SESSION['myemail'] = $email;  

if(isset($_SESSION['email'])){ 
} else { 
echo " 
<script language='javascript'> 
alert('Sorry, but you must login to view the members area!') 
</script> 
<script> 
window.location='http://jblanksby.yourwebsolution.net/sign_in.php' 
</script> 
"; } 
?>

<html>
blah blah blah
</html>

用于显示用户电子邮件的代码，

Logged in as: <? echo "$email"; ?>

登录方面的事情是完美的。 仅显示用户电子邮件证明是困难的。 我做错了什么/错过了什么？

Answer 1

由于您尝试从会话中显示值，因此必须使用$_SESSION['email'] 。

session_start(); // Or, if you have done it ahead, then omit this
echo "Logged in as:".$_SESSION['email'];

Answer 2

在$_SESSION上使用Starx建议，但你需要将session_start作为页面上的第一行PHP移动，在$email = $_GET['myemail']; （或$email = $_SESSION['email'] ）

<?php
session_start();
$email = $_SESSION['email'];
?>

添加

要使用会话变量，请将其声明为（假设您在表单提交时使用method = post）：

<?php
session_start();
$_SESSION['email'] = $_POST['email'];
?>

这当然对于用户输入是不安全的，假设您在将用户输入从一个页面传递到另一个页面并将其注入查询之前对其进行了静态处理，这只是一个简单的示例。

Answer 3

登录脚本：

$username = $_POST['username'];
$password = $_POST['password'];
$password = sha1($password);

if ($username&&$password) {
        require_once('../db/nstDBconnector.php');
        $qr = "SELECT * FROM `users` WHERE `username` = '$username'";
        $query = mysql_query($qr);
        $numrows = mysql_num_rows($query);

        if ($numrows!=0) {
            // check password against the password in the database
            while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) {
                $storedUsername = $row['username'];
                $storedPassword = $row['password'];
                $storedUserType = $row['user_type'];
                $storedUserFName = $row['full_name'];
                $_SESSION['last_ip'] = $_SERVER['REMOTE_ADDR'];
            }
            // check to see if username and password match
            if ($username==$storedUsername&&$password==$storedPassword) {
                ob_start();
                session_start();
                $_SESSION['username'] = $storedUsername;
                $_SESSION['user_type'] = $storedUserType;
                $_SESSION['full_name'] = $storedUserFName;
                header ('Location: main.php?login=successful');
            } else {
                header ('Location: index.php?error=incorrectPassword');
            }
        } else {
            header ('Location: index.php?error=noUser');
        }
    } else {
        header ('Location: index.php?error=missingUserAndPass');

    }

登录后您带他们去的页面：

if ($_SESSION['username']) {
    $userLogged = $_SESSION['username'];
    $userType = $_SESSION['user_type'];
    $userFName = $_SESSION['full_name'];
} else {
    header ('Location: http://www.yourdomain.com/index.php?error=notLoggedIn');
}

您要在页面上显示用户名的位置：

Logged in as <?php echo $userFName; ?>.

要么

echo "Logged in as ", $userFName, ".";